CVE-2005-1990
Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, including (1) devenum.dll, (2) diactfrm.dll, (3) wmm2filt.dll, (4) fsusd.dll, (5) dmdskmgr.dll, (6) browsewm.dll, (7) browseui.dll, (8) shell32.dll, (9) mshtml.dll, (10) inetcfg.dll, (11) infosoft.dll, (12) query.dll, (13) syncui.dll, (14) clbcatex.dll, (15) clbcatq.dll, (16) comsvcs.dll, and (17) msconf.dll, which causes memory corruption, aka "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2087.
EPSS 82.18% · 99.2th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| microsoft | ie | 6 |
| microsoft | internet_explorer | 5.01, 5.5 |
| n/a | n/a | n/a |
Timeline
- Aug 10, 2005 CVE Published
- Jul 30, 2010 PoC Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
References
- oval:org.mitre.oval:def:1235 vdb
- VU#959049 third-party-advisory
- 14511 vdb
- oval:org.mitre.oval:def:1061 vdb
- 16373 third-party-advisory
- oval:org.mitre.oval:def:1221 vdb
- TA05-221A third-party-advisory
- oval:org.mitre.oval:def:100082 vdb
- MS05-038 vendor-advisory
- oval:org.mitre.oval:def:1337 vdb
- 1014643 vdb
- ADV-2005-1353 vdb
- https://nvd.nist.gov/vuln/detail/CVE-2005-1990 advisory
- http://secunia.com/advisories/16373 url