CVE-2005-2127 Information

Feb 14, 2021 cve

Description

Microsoft Internet Explorer 5.01 5.5 and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer as originally demonstrated using the (1) DDS Library Shape Control (Msdds.dll) COM object and other objects including (2) Blnmgrps.dll (3) Ciodm.dll (4) Comsvcs.dll (5) Danim.dll (6) Htmlmarq.ocx (7) Mdt2dd.dll (as demonstrated using a heap corruption attack with uninitialized memory) (8) Mdt2qd.dll (9) Mpg4ds32.ax (10) Msadds32.ax (11) Msb1esen.dll (12) Msb1fren.dll (13) Msb1geen.dll (14) Msdtctm.dll (15) Mshtml.dll (16) Msoeacct.dll (17) Msosvfbr.dll (18) Mswcrun.dll (19) Netshell.dll (20) Ole2disp.dll (21) Outllib.dll (22) Psisdecd.dll (23) Qdvd.dll (24) Repodbc.dll (25) Shdocvw.dll (26) Shell32.dll (27) Soa.dll (28) Srchui.dll (29) Stobject.dll (30) Vdt70.dll (31) Vmhelper.dll and (32) Wbemads.dll aka a variant of the \COM Object Instantiation Memory Corruption vulnerability.\

Reference

http://isc.sans.org/diary.php?date=2005-08-18 http://secunia.com/advisories/16480 http://secunia.com/advisories/17172 http://secunia.com/advisories/17223 http://secunia.com/advisories/17509 http://securityreason.com/securityalert/72 http://securitytracker.com/id?1014727 http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf http://www.kb.cert.org/vuls/id/740372 http://www.kb.cert.org/vuls/id/898241 http://www.kb.cert.org/vuls/id/959049 http://www.microsoft.com/technet/security/advisory/906267.mspx http://www.securityfocus.com/archive/1/470690/100/0/threaded http://www.securityfocus.com/bid/14594 http://www.securityfocus.com/bid/15061 http://www.us-cert.gov/cas/techalerts/TA05-284A.html http://www.us-cert.gov/cas/techalerts/TA05-347A.html http://www.us-cert.gov/cas/techalerts/TA06-220A.html http://www.vupen.com/english/advisories/2005/1450 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-052 https://exchange.xforce.ibmcloud.com/vulnerabilities/21895 https://exchange.xforce.ibmcloud.com/vulnerabilities/34754 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A1155 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A1454 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A1464 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A1468 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A1535 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A1538

Share on: