5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.964 High
EPSS
Percentile
99.5%
Added: 02/24/2006
CVE: CVE-2005-1990
BID: 14511
OSVDB: 18612
Windows operating systems use the Component Object Model (COM) to allow various program components to be run within different applications.
Improper instantiation of certain COM objects as ActiveX controls by Internet Explorer leads to a buffer overflow which can result in command execution.
Apply the patch referenced in Microsoft Security Bulletin 05-038.
<http://www.microsoft.com/technet/security/Bulletin/MS05-038.mspx>
This exploit requires a user to follow a link to the exploit from a vulnerable host. Exploit works on Internet Explorer 6.0.
Windows 2000
Windows XP
Windows Server 2003