AI Score: 7.6 High (Confidence: Low)
CVSS2: 5.1 Medium (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
EPSS: 0.964 High (Percentile: 99.6%)
Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, including (1) devenum.dll, (2) diactfrm.dll, (3) wmm2filt.dll, (4) fsusd.dll, (5) dmdskmgr.dll, (6) browsewm.dll, (7) browseui.dll, (8) shell32.dll, (9) mshtml.dll, (10) inetcfg.dll, (11) infosoft.dll, (12) query.dll, (13) syncui.dll, (14) clbcatex.dll, (15) clbcatq.dll, (16) comsvcs.dll, and (17) msconf.dll, which causes memory corruption, aka “COM Object Instantiation Memory Corruption Vulnerability,” a different vulnerability than CVE-2005-2087.
secunia.com/advisories/16373/
securitytracker.com/id?1014643
www.kb.cert.org/vuls/id/959049
www.securityfocus.com/bid/14511
www.us-cert.gov/cas/techalerts/TA05-221A.html
www.vupen.com/english/advisories/2005/1353
docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-038
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100082
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1061
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1221
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1235
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1337