Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMicrosoftCVE-2005-2127
HistoryAug 19, 2005 - 4:00 a.m.

CVE-2005-2127

2005-08-1904:00:00
CWE-119
microsoft
web.nvd.nist.gov
44
2
cve-2005-2127
microsoft internet explorer
remote attackers
denial of service
arbitrary code
web page
clsids
com objects
vulnerability

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.8

Confidence

High

EPSS

0.613

Percentile

97.8%

JSON

Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, as originally demonstrated using the (1) DDS Library Shape Control (Msdds.dll) COM object, and other objects including (2) Blnmgrps.dll, (3) Ciodm.dll, (4) Comsvcs.dll, (5) Danim.dll, (6) Htmlmarq.ocx, (7) Mdt2dd.dll (as demonstrated using a heap corruption attack with uninitialized memory), (8) Mdt2qd.dll, (9) Mpg4ds32.ax, (10) Msadds32.ax, (11) Msb1esen.dll, (12) Msb1fren.dll, (13) Msb1geen.dll, (14) Msdtctm.dll, (15) Mshtml.dll, (16) Msoeacct.dll, (17) Msosvfbr.dll, (18) Mswcrun.dll, (19) Netshell.dll, (20) Ole2disp.dll, (21) Outllib.dll, (22) Psisdecd.dll, (23) Qdvd.dll, (24) Repodbc.dll, (25) Shdocvw.dll, (26) Shell32.dll, (27) Soa.dll, (28) Srchui.dll, (29) Stobject.dll, (30) Vdt70.dll, (31) Vmhelper.dll, and (32) Wbemads.dll, aka a variant of the “COM Object Instantiation Memory Corruption vulnerability.”

Affected configurations

Nvd
Node
aticatalyst_driver
OR
microsoft.net_frameworkMatch1.1
OR
microsoft.net_frameworkMatch1.1sp1
OR
microsoft.net_frameworkMatch1.1sp2
OR
microsoft.net_frameworkMatch1.1sp3
OR
microsoftoffice
OR
microsoftofficeMatch2000
OR
microsoftofficeMatch2000ja
OR
microsoftofficeMatch2000ko
OR
microsoftofficeMatch2000zh
OR
microsoftofficeMatch2000sp1
OR
microsoftofficeMatch2000sp2
OR
microsoftofficeMatch2000sp3
OR
microsoftofficeMatchxpsp1
OR
microsoftofficeMatchxpsp2
OR
microsoftofficeMatchxpsp3
OR
microsoftprojectMatch98
OR
microsoftprojectMatch2000
OR
microsoftprojectMatch2002
OR
microsoftprojectMatch2002sp1
OR
microsoftprojectMatch2003
OR
microsoftprojectMatch2003sp1
OR
microsoftvisioMatch2000sr1enterprise
OR
microsoftvisioMatch2002
OR
microsoftvisioMatch2002professional
OR
microsoftvisioMatch2002sp1
OR
microsoftvisioMatch2002sp2
OR
microsoftvisioMatch2002sp2professional
OR
microsoftvisioMatch2002sp2standard
OR
microsoftvisioMatch2003
OR
microsoftvisioMatch2003professional
OR
microsoftvisioMatch2003standard
OR
microsoftvisioMatch2003sp1
OR
microsoftvisual_studio_.netMatch2002gold
OR
microsoftvisual_studio_.netMatch2003enterprise_architect
OR
microsoftvisual_studio_.netMatch2003gold
OR
microsoftvisual_studio_.netMatchgoldacademic
OR
microsoftvisual_studio_.netMatchgoldenterprise_architect
OR
microsoftvisual_studio_.netMatchgoldenterprise_developer
OR
microsoftvisual_studio_.netMatchgoldprofessional
OR
microsoftvisual_studio_.netMatchgoldtrial
VendorProductVersionCPE
aticatalyst_driver*cpe:2.3:a:ati:catalyst_driver:*:*:*:*:*:*:*:*
microsoft.net_framework1.1cpe:2.3:a:microsoft:.net_framework:1.1:*:*:*:*:*:*:*
microsoft.net_framework1.1cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*
microsoft.net_framework1.1cpe:2.3:a:microsoft:.net_framework:1.1:sp2:*:*:*:*:*:*
microsoft.net_framework1.1cpe:2.3:a:microsoft:.net_framework:1.1:sp3:*:*:*:*:*:*
microsoftoffice*cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*
microsoftoffice2000cpe:2.3:a:microsoft:office:2000:*:*:*:*:*:*:*
microsoftoffice2000cpe:2.3:a:microsoft:office:2000:*:*:ja:*:*:*:*
microsoftoffice2000cpe:2.3:a:microsoft:office:2000:*:*:ko:*:*:*:*
microsoftoffice2000cpe:2.3:a:microsoft:office:2000:*:*:zh:*:*:*:*
Rows per page:
1-10 of 411

References

Social References

More

Related

securityvulns 3
checkpoint_advisories 1
cert 2
nessus 1
exploitdb 1
nvd 3
cvelist 3
cve 2
prion 1
securityvulns
securityvulns
[EEYEB20050915] - MDT2DD.DLL COM Object Uninitialized Heap Memory Vulnerability
2005-10-12 00:00:00
Microsoft Security Bulletin MS05-052 umulative Security Update for Internet Explorer (896688)
2005-10-13 00:00:00
US-CERT Technical Cyber Security Alert TA05-347A -- Microsoft Internet Explorer Vulnerabilities
2005-12-14 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Design Tools msdds.dll Memory Corruption (MS05-052; CVE-2005-2127)
2009-10-19 00:00:00
cert
cert
Microsoft DDS Library Shape Control (msdds.dll) COM object contains an unspecified vulnerability
2005-08-18 00:00:00
Multiple COM objects cause memory corruption in Microsoft Internet Explorer
2005-08-09 00:00:00
nessus
nessus
MS05-052: Cumulative Security Update for Internet Explorer (896688)
2005-10-11 00:00:00
exploitdb
exploitdb
Microsoft Visual Studio .NET - 'msdds.dll' Remote Code Execution
2005-08-17 00:00:00
nvd
nvd
CVE-2005-2127
2005-08-19 04:00:00
CVE-2005-2831
2005-12-14 11:03:00
CVE-2007-4254
2007-08-08 23:17:00
cvelist
cvelist
CVE-2005-2127
2005-08-19 04:00:00
CVE-2005-2831
2005-12-14 11:00:00
CVE-2007-4254
2007-08-08 23:00:00
cve
cve
CVE-2005-2831
2005-12-14 11:03:00
CVE-2007-4254
2007-08-08 23:17:00
prion
prion
Stack overflow
2007-08-08 23:17:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.8

Confidence

High

EPSS

0.613

Percentile

97.8%

JSON
Related for CVE-2005-2127
securityvulns3checkpoint_advisories1cert2nessus1exploitdb1nvd3cvelist3cve2prion1