Denial of Service Vulnerability in Microsoft Internet Explorer 5.01, 5.5, and 6
CVE-2005-2127

Currently unrated

Key Information:

Vendor: Microsoft
Status: .net Framework; Visual Studio .net; Visio; Project
Vendor: CVE Published:; 19 August 2005

Summary

Multiple versions of Microsoft Internet Explorer, specifically 5.01, 5.5, and 6, are susceptible to a denial of service attack, which can lead to application crashes and potentially allow remote attackers to execute arbitrary code. The vulnerability stems from the handling of certain COM objects that are improperly instantiated. Attackers can exploit this weakness by crafting a malicious web page that embeds CLSIDs referencing unsupported COM objects. Notable objects associated with this vulnerability include Msdds.dll and Mshtml.dll, among others. The exploitation of this vulnerability can destabilize the application, exposing users to further malicious activities.

References

http://www.kb.cert.org/vuls/id/959049

third-party-advisoryx_refsource_CERT-VN

http://isc.sans.org/diary.php?date=2005-08-18

x_refsource_MISC

http://www.securityfocus.com/archive/1/470690/100/0/threaded

mailing-listx_refsource_BUGTRAQ

EPSS Score

42% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 19, 2005
Vulnerability Reserved
Jul 2, 2005