Vulnerability CVE-2005-2127


Published: 2005-08-19   Modified: 2012-02-12

Description:
Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, as originally demonstrated using the (1) DDS Library Shape Control (Msdds.dll) COM object, and other objects including (2) Blnmgrps.dll, (3) Ciodm.dll, (4) Comsvcs.dll, (5) Danim.dll, (6) Htmlmarq.ocx, (7) Mdt2dd.dll (as demonstrated using a heap corruption attack with uninitialized memory), (8) Mdt2qd.dll, (9) Mpg4ds32.ax, (10) Msadds32.ax, (11) Msb1esen.dll, (12) Msb1fren.dll, (13) Msb1geen.dll, (14) Msdtctm.dll, (15) Mshtml.dll, (16) Msoeacct.dll, (17) Msosvfbr.dll, (18) Mswcrun.dll, (19) Netshell.dll, (20) Ole2disp.dll, (21) Outllib.dll, (22) Psisdecd.dll, (23) Qdvd.dll, (24) Repodbc.dll, (25) Shdocvw.dll, (26) Shell32.dll, (27) Soa.dll, (28) Srchui.dll, (29) Stobject.dll, (30) Vdt70.dll, (31) Vmhelper.dll, and (32) Wbemads.dll, aka a variant of the "COM Object Instantiation Memory Corruption vulnerability."

In our database, we found the following notes for this CVE:

High
Title: MDT2DD.DLL COM Object Uninitialized Heap Memory Vulnerability
Author: Fang Xing
Date: 12.10.2005

Type: CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Overall CVSS score: 7.5/10
Impact: 6.4/10
Exploitability: 10/10
Required access: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software
Microsoft -> .net framework 
Microsoft -> Office 
Microsoft -> Project 
Microsoft -> Visio 
Microsoft -> Visual studio .net 
ATI -> Catalyst driver 

References:
http://isc.sans.org/diary.php?date=2005-08-18
http://securityreason.com/securityalert/72
http://securitytracker.com/id?1014727
http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf
http://www.kb.cert.org/vuls/id/740372
http://www.kb.cert.org/vuls/id/898241
http://www.kb.cert.org/vuls/id/959049
http://www.microsoft.com/technet/security/advisory/906267.mspx
http://www.securityfocus.com/archive/1/470690/100/0/threaded
http://www.securityfocus.com/bid/14594
http://www.securityfocus.com/bid/15061
http://www.us-cert.gov/cas/techalerts/TA05-284A.html
http://www.us-cert.gov/cas/techalerts/TA05-347A.html
http://www.us-cert.gov/cas/techalerts/TA06-220A.html
http://www.vupen.com/english/advisories/2005/1450
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-052
https://exchange.xforce.ibmcloud.com/vulnerabilities/21895
https://exchange.xforce.ibmcloud.com/vulnerabilities/34754
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1155
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1454
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1464
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1468
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1535
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1538

Copyright 2024, cxsecurity.com

 
