VDB

CVE-2005-2127

CVE-2005-2127 PUBLISHED CVSS 7.5 HIGH

Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, as originally demonstrated using the (1) DDS Library Shape Control (Msdds.dll) COM object, and other objects including (2) Blnmgrps.dll, (3) Ciodm.dll, (4) Comsvcs.dll, (5) Danim.dll, (6) Htmlmarq.ocx, (7) Mdt2dd.dll (as demonstrated using a heap corruption attack with uninitialized memory), (8) Mdt2qd.dll, (9) Mpg4ds32.ax, (10) Msadds32.ax, (11) Msb1esen.dll, (12) Msb1fren.dll, (13) Msb1geen.dll, (14) Msdtctm.dll, (15) Mshtml.dll, (16) Msoeacct.dll, (17) Msosvfbr.dll, (18) Mswcrun.dll, (19) Netshell.dll, (20) Ole2disp.dll, (21) Outllib.dll, (22) Psisdecd.dll, (23) Qdvd.dll, (24) Repodbc.dll, (25) Shdocvw.dll, (26) Shell32.dll, (27) Soa.dll, (28) Srchui.dll, (29) Stobject.dll, (30) Vdt70.dll, (31) Vmhelper.dll, and (32) Wbemads.dll, aka a variant of the "COM Object Instantiation Memory Corruption vulnerability."

EPSS 42.05% · 97.5th percentile

Risk Scores

CVSS 2.0
7.5
EPSS Score
42.05%
97.5th percentile

Affected Products

VendorProductVersions
microsoftoffice2000, xp, xp
microsoft.net_framework1.1, 1.1, 1.1
microsoftproject2000, 2002, 2003
aticatalyst_driver
n/an/an/a
microsoftvisual_studio_.netgold, 2003, gold
microsoftvisio2002, 2002, 2003

Timeline

  • Aug 19, 2005 CVE Published
  • Jul 30, 2010 PoC Published
  • Sep 23, 2014 PoC Published
  • Feb 4, 2022 EPSS Score
  • Mar 29, 2022 EPSS Score
  • May 1, 2022 CVE Updated
  • Jul 12, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score
  • Dec 18, 2022 EPSS Score
  • Feb 9, 2023 EPSS Score
  • Apr 3, 2023 EPSS Score
  • Apr 25, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›