5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.964 High
EPSS
Percentile
99.5%
Added: 06/05/2006
CVE: CVE-2005-2087
BID: 14087
OSVDB: 17680
Windows operating systems use the Component Object Model (COM) to allow various program components to be run within different applications. One such object, the JView Profiler (**Javaprxy.dll**
), is a debugger interface for Microsoft Java Virtual Machine.
Internet Explorer is affected by a heap overflow vulnerability when the **Javaprxy.dll**
COM object is instantiated, allow command execution by a malicious web page.
Apply the patch referenced in Microsoft Security Bulletin 05-037.
<http://www.kb.cert.org/vuls/id/939605>
Exploit works if a vulnerable version of **javaprxy.dll**
is present. A user must load the exploit page into Internet Explorer in order for exploitation to succeed.
Windows