Vulnerability CVE-2005-2127


Published: 2005-08-19   Modified: 2012-02-12

Description:
Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, as originally demonstrated using the (1) DDS Library Shape Control (Msdds.dll) COM object, and other objects including (2) Blnmgrps.dll, (3) Ciodm.dll, (4) Comsvcs.dll, (5) Danim.dll, (6) Htmlmarq.ocx, (7) Mdt2dd.dll (as demonstrated using a heap corruption attack with uninitialized memory), (8) Mdt2qd.dll, (9) Mpg4ds32.ax, (10) Msadds32.ax, (11) Msb1esen.dll, (12) Msb1fren.dll, (13) Msb1geen.dll, (14) Msdtctm.dll, (15) Mshtml.dll, (16) Msoeacct.dll, (17) Msosvfbr.dll, (18) Mswcrun.dll, (19) Netshell.dll, (20) Ole2disp.dll, (21) Outllib.dll, (22) Psisdecd.dll, (23) Qdvd.dll, (24) Repodbc.dll, (25) Shdocvw.dll, (26) Shell32.dll, (27) Soa.dll, (28) Srchui.dll, (29) Stobject.dll, (30) Vdt70.dll, (31) Vmhelper.dll, and (32) Wbemads.dll, aka a variant of the "COM Object Instantiation Memory Corruption vulnerability."

See advisories in our WLB2 database:
Topic
Author
Date
High
MDT2DD.DLL COM Object Uninitialized Heap Memory Vulnerability
Fang Xing
12.10.2005

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Microsoft -> .net framework 
Microsoft -> Office 
Microsoft -> Project 
Microsoft -> Visio 
Microsoft -> Visual studio .net 
ATI -> Catalyst driver 

 References:
http://isc.sans.org/diary.php?date=2005-08-18
http://securityreason.com/securityalert/72
http://securitytracker.com/id?1014727
http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf
http://www.kb.cert.org/vuls/id/740372
http://www.kb.cert.org/vuls/id/898241
http://www.kb.cert.org/vuls/id/959049
http://www.microsoft.com/technet/security/advisory/906267.mspx
http://www.securityfocus.com/archive/1/470690/100/0/threaded
http://www.securityfocus.com/bid/14594
http://www.securityfocus.com/bid/15061
http://www.us-cert.gov/cas/techalerts/TA05-284A.html
http://www.us-cert.gov/cas/techalerts/TA05-347A.html
http://www.us-cert.gov/cas/techalerts/TA06-220A.html
http://www.vupen.com/english/advisories/2005/1450
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-052
https://exchange.xforce.ibmcloud.com/vulnerabilities/21895
https://exchange.xforce.ibmcloud.com/vulnerabilities/34754
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1155
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1454
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1464
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1468
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1535
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1538

Copyright 2021, cxsecurity.com

 

Back to Top