CVE-2005-2127

CVE-2005-2127 is a remote code-execution vulnerability in Internet Explorer 5.01/5.5/6 related to memory corruption when instantiating certain COM objects not designed for IE. The issue, documented as COM Object Instantiation Memory Corruption, affects multiple CLSIDs (e.g., Msdds.dll, Blnmgrps.d...

CVE-2005-2127

Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, as originally...

Microsoft Internet Explorer can use any COM object

Overview Microsoft Internet Explorer IE will attempt to use COM objects that were not intended to be used in the web browser. This can cause a variety of impacts, such as causing IE to crash. Description Microsoft COMMicrosoft COM is a technology that allows programmers to create reusable softwar...

Multiple Microsoft Internet Explorer vulnerabilities

Memory corruption on JPEG files parsing, memory corruption on COM object installation, crossite scripting with Web folders...

[Full-disclosure] COM objects and MSIE vulnerabilities recap + additional fix

Disclaimer: The information in this email is distributed WITHOUT ANY WARRANTY, TO THE EXTENT PERMITTED BY APPLICABLE LAW; without even the implied warranty of CORRECTNESS or FITNESS FOR A PARTICULAR PURPOSE. You know the drill... Affected products: Various COM objects when loaded in Microsoft...

Microsoft DDS Library Shape Control (msdds.dll) COM object contains an unspecified vulnerability

Overview Microsoft DDS Library Shape Control COM object contains an unspecified vulnerability, which may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft COMMicrosoft COM is a technology that allows programmers to create reusable software components...

Microsoft Visual Studio .NET - msdds.dll Remote Code Execution

Microsoft Visual Studio .NET - msdds.dll Remote Code Execution source: https://www.securityfocus.com/bid/14594/info Microsoft Visual Studio .NET is prone to a vulnerability that could allow remote arbitrary code execution. This is due to a buffer overflow that is exposed during COM object...

Microsoft Visual Studio .NET - 'msdds.dll' Remote Code Execution

source: https://www.securityfocus.com/bid/14594/info Microsoft Visual Studio .NET is prone to a vulnerability that could allow remote arbitrary code execution. This is due to a buffer overflow that is exposed during COM object instantiation. The list of vulnerable packages has been updated to...

CVE-2005-1990

Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, including 1 devenum.dll, 2 diactfrm.dll, 3...

CVE-2005-1990

CVE-2005-1990 affects Internet Explorer 5.0, 5.5, and 6.0. The vulnerability arises from improper instantiation of certain COM objects as ActiveX controls, causing a buffer/memory corruption in the host process and potentially enabling command execution or a crash. Affected components include a s...

CVE-2005-1990

Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, including 1 devenum.dll, 2 diactfrm.dll, 3...

[VulnWatch] NSFOCUS SA2005-02 : Microsoft IE Devenum.dll COM Instantiation Remote Code Execution Vulnerability

NSFOCUS Security AdvisorySA2005-02 Topic: Microsoft IE Devenum.dll COM Instantiation Remote Code Execution Vulnerability Release Date: 2005-08-10 CVE CAN ID: CAN-2005-1990 http://www.nsfocus.com/english/homepage/research/0502.htm Affected systems & software =========================== Microsoft...

Microsoft Internet Explorer - blnmgr.dll COM Object Remote (MS05-038)

Microsoft Internet Explorer - blnmgr.dll COM Object Remote MS05-038 !-- placed into html for your testing. /str0ke !/usr/bin/perl Internet Explorer COM Objects Instantiation Proof of Concept Exploit MS05-038 Bindshell on port 28876 - Based and ripped from Berend-Jan Wever's IE Exploit Vulnerable...

Microsoft Internet Explorer COM Object Instantiation Buffer Overflow Vulnerability

Description Microsoft Internet Explorer is prone to a buffer-overflow vulnerability that is exposed when certain COM objects are instantiated as ActiveX controls. A malicious webpage could pass content to these objects to trigger memory corruption. Successful exploits could let remote attackers...

MS Internet Explorer (blnmgr.dll) COM Object Remote Expl (MS05-038)

Exploit for unknown platform in category remote exploits ====================================================================== MS Internet Explorer blnmgr.dll COM Object Remote Exploit MS05-038 ====================================================================== !-- placed into html for your...

MS05-038: Cumulative Security Update for Internet Explorer (896727)

The remote host contains a version of the Internet Explorer that is vulnerable to multiple security flaws JPEG Rendering, Web Folder, COM Object that could allow an attacker to execute arbitrary code on the remote host by constructing a malicious web page and entice a victim to visit this web pag...

Multiple COM objects cause memory corruption in Microsoft Internet Explorer

Overview Microsoft Internet Explorer IE allows instantiation of COM objects not designed for use in the browser, which may allow a remote attacker to execute arbitrary code or crash IE. Description Microsoft COMMicrosoft COM is a technology that allows programmers to create reusable software...

Microsoft Internet Explorer - 'blnmgr.dll' COM Object Remote (MS05-038)

!-- placed into html for your testing. /str0ke !/usr/bin/perl Internet Explorer COM Objects Instantiation Proof of Concept Exploit MS05-038 Bindshell on port 28876 - Based and ripped from Berend-Jan Wever's IE Exploit Vulnerable Objects : 3F8A6C33-E0FD-11D0-8A8C-00A0C90C2BC5 blnmgr.dll - Exploite...

SPI Dynamics WebInspect 5.0.196 - Cross Application Script Injection

source: https://www.securityfocus.com/bid/14385/info WebInspect is vulnerable to a cross-application script injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied data prior to including it in content rendered in an Internet Explorer COM...

VulnCheck KEV: CVE-2005-2087

Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects...