CVE-2005-2127
Description
Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, as originally demonstrated using the (1) DDS Library Shape Control (Msdds.dll) COM object, and other objects including (2) Blnmgrps.dll, (3) Ciodm.dll, (4) Comsvcs.dll, (5) Danim.dll, (6) Htmlmarq.ocx, (7) Mdt2dd.dll (as demonstrated using a heap corruption attack with uninitialized memory), (8) Mdt2qd.dll, (9) Mpg4ds32.ax, (10) Msadds32.ax, (11) Msb1esen.dll, (12) Msb1fren.dll, (13) Msb1geen.dll, (14) Msdtctm.dll, (15) Mshtml.dll, (16) Msoeacct.dll, (17) Msosvfbr.dll, (18) Mswcrun.dll, (19) Netshell.dll, (20) Ole2disp.dll, (21) Outllib.dll, (22) Psisdecd.dll, (23) Qdvd.dll, (24) Repodbc.dll, (25) Shdocvw.dll, (26) Shell32.dll, (27) Soa.dll, (28) Srchui.dll, (29) Stobject.dll, (30) Vdt70.dll, (31) Vmhelper.dll, and (32) Wbemads.dll, aka a variant of the "COM Object Instantiation Memory Corruption vulnerability."
Affected products (42)
- cpe:2.3:a:ati:catalyst_driver:*:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:1.1:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:1.1:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:office:2000:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:office:2000:*:*:ja:*:*:*:*
- cpe:2.3:a:microsoft:office:2000:*:*:ko:*:*:*:*
- cpe:2.3:a:microsoft:office:2000:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:office:2000:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:office:2000:*:*:zh:*:*:*:*
- cpe:2.3:a:microsoft:office:xp:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:office:xp:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:project:2000:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:project:2002:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:project:2002:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:project:2003:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:project:2003:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:project:98:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:visio:2000:sr1:*:*:enterprise:*:*:*
- cpe:2.3:a:microsoft:visio:2002:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:visio:2002:*:*:*:professional:*:*:*
- cpe:2.3:a:microsoft:visio:2002:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:visio:2002:sp2:*:*:professional:*:*:*
- cpe:2.3:a:microsoft:visio:2002:sp2:*:*:standard:*:*:*
- cpe:2.3:a:microsoft:visio:2003:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:visio:2003:*:*:*:professional:*:*:*
- cpe:2.3:a:microsoft:visio:2003:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:visio:2003:*:*:*:standard:*:*:*
- cpe:2.3:a:microsoft:visual_studio_.net:2002:gold:*:*:*:*:*:*
- cpe:2.3:a:microsoft:visual_studio_.net:2003:*:*:*:enterprise_architect:*:*:*
- cpe:2.3:a:microsoft:visual_studio_.net:2003:gold:*:*:*:*:*:*
- cpe:2.3:a:microsoft:visual_studio_.net:gold:*:*:*:academic:*:*:*
- cpe:2.3:a:microsoft:visual_studio_.net:gold:*:*:*:enterprise_architect:*:*:*
- cpe:2.3:a:microsoft:visual_studio_.net:gold:*:*:*:enterprise_developer:*:*:*
- cpe:2.3:a:microsoft:visual_studio_.net:gold:*:*:*:professional:*:*:*
- cpe:2.3:a:microsoft:visual_studio_.net:gold:*:*:*:trial:*:*:*
- Range: 5.01, 5.5, and 6
References (28)
- secunia.com/advisories/16480 (nvd: Patch, Vendor Advisory)
- www.microsoft.com/technet/security/advisory/906267.mspx (nvd: Mitigation, Patch, Vendor Advisory)
- securitytracker.com/id (nvd: Exploit, Patch, Third Party Advisory, VDB Entry, Vendor Advisory)
- www.securityfocus.com/bid/14594 (nvd: Exploit, Patch, Third Party Advisory, VDB Entry)
- isc.sans.org/diary.php (nvd: Third Party Advisory)
- secunia.com/advisories/17172 (nvd: Permissions Required, Third Party Advisory)
- secunia.com/advisories/17223 (nvd: Permissions Required, Third Party Advisory)
- secunia.com/advisories/17509 (nvd: Permissions Required, Third Party Advisory)
- securityreason.com/securityalert/72 (nvd: Third Party Advisory)
- support.avaya.com/elmodocs2/security/ASA-2005-214.pdf (nvd: Third Party Advisory)
- www.kb.cert.org/vuls/id/740372 (nvd: Third Party Advisory, US Government Resource)
- www.kb.cert.org/vuls/id/898241 (nvd: Third Party Advisory, US Government Resource)
- www.kb.cert.org/vuls/id/959049 (nvd: Third Party Advisory, US Government Resource)
- www.securityfocus.com/bid/15061 (nvd: Third Party Advisory, VDB Entry)
- www.us-cert.gov/cas/techalerts/TA05-284A.html (nvd: Third Party Advisory, US Government Resource)
- www.us-cert.gov/cas/techalerts/TA05-347A.html (nvd: Third Party Advisory, US Government Resource)
- www.us-cert.gov/cas/techalerts/TA06-220A.html (nvd: Third Party Advisory, US Government Resource)
- www.vupen.com/english/advisories/2005/1450 (nvd: Broken Link)
- exchange.xforce.ibmcloud.com/vulnerabilities/21895 (nvd: VDB Entry)
- exchange.xforce.ibmcloud.com/vulnerabilities/34754 (nvd: VDB Entry)
- www.securityfocus.com/archive/1/470690/100/0/threaded (nvd)
- docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-052 (nvd)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1155 (nvd)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1454 (nvd)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1464 (nvd)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1468 (nvd)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1535 (nvd)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1538 (nvd)