SAINT Corporation
SAINT:DAC6C91170670984B710DF599C918879
Jun 05, 2006 - 12:00 a.m.

Internet Explorer Javaprxy.dll heap overflow

2006-06-05 00:00:00
SAINT Corporation
my.saintcorporation.com

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.964 High
Percentile: 99.5%

Added: 06/05/2006
CVE: CVE-2005-2087
BID: 14087
OSVDB: 17680

Background

Windows operating systems use the Component Object Model (COM) to allow various program components to be run within different applications. One such object, the JView Profiler (**Javaprxy.dll**), is a debugger interface for Microsoft Java Virtual Machine.

Problem

Internet Explorer is affected by a heap overflow vulnerability when the **Javaprxy.dll** COM object is instantiated, allowing command execution by a malicious web page.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 05-037.

References

<http://www.kb.cert.org/vuls/id/939605>

Limitations

Exploit works if a vulnerable version of **javaprxy.dll** is present. A user must load the exploit page into Internet Explorer in order for exploitation to succeed.

Platforms

Windows
