CVE-2005-2127

Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, as originally demonstrated using the (1) DDS Library Shape Control (Msdds.dll) COM object, and other objects including (2) Blnmgrps.dll, (3) Ciodm.dll, (4) Comsvcs.dll, (5) Danim.dll, (6) Htmlmarq.ocx, (7) Mdt2dd.dll (as demonstrated using a heap corruption attack with uninitialized memory), (8) Mdt2qd.dll, (9) Mpg4ds32.ax, (10) Msadds32.ax, (11) Msb1esen.dll, (12) Msb1fren.dll, (13) Msb1geen.dll, (14) Msdtctm.dll, (15) Mshtml.dll, (16) Msoeacct.dll, (17) Msosvfbr.dll, (18) Mswcrun.dll, (19) Netshell.dll, (20) Ole2disp.dll, (21) Outllib.dll, (22) Psisdecd.dll, (23) Qdvd.dll, (24) Repodbc.dll, (25) Shdocvw.dll, (26) Shell32.dll, (27) Soa.dll, (28) Srchui.dll, (29) Stobject.dll, (30) Vdt70.dll, (31) Vmhelper.dll, and (32) Wbemads.dll, aka a variant of the "COM Object Instantiation Memory Corruption vulnerability."

• CWE-119

• http://isc.sans.org/diary.php?date=2005-08-18Third Party Advisory
• http://secunia.com/advisories/16480Patch, Vendor Advisory
• http://secunia.com/advisories/17172Permissions Required, Third Party Advisory
• http://secunia.com/advisories/17223Permissions Required, Third Party Advisory
• http://secunia.com/advisories/17509Permissions Required, Third Party Advisory
• http://securityreason.com/securityalert/72Third Party Advisory
• http://securitytracker.com/id?1014727Exploit, Patch, Third Party Advisory, VDB Entry, Vendor Advisory
• http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdfThird Party Advisory
• http://www.kb.cert.org/vuls/id/740372Third Party Advisory, US Government Resource
• http://www.kb.cert.org/vuls/id/898241Third Party Advisory, US Government Resource
• http://www.kb.cert.org/vuls/id/959049Third Party Advisory, US Government Resource
• http://www.microsoft.com/technet/security/advisory/906267.mspxMitigation, Patch, Vendor Advisory
• http://www.securityfocus.com/archive/1/470690/100/0/threaded
• http://www.securityfocus.com/bid/14594Exploit, Patch, Third Party Advisory, VDB Entry
• http://www.securityfocus.com/bid/15061Third Party Advisory, VDB Entry
• http://www.us-cert.gov/cas/techalerts/TA05-284A.htmlThird Party Advisory, US Government Resource
• http://www.us-cert.gov/cas/techalerts/TA05-347A.htmlThird Party Advisory, US Government Resource
• http://www.us-cert.gov/cas/techalerts/TA06-220A.htmlThird Party Advisory, US Government Resource
• http://www.vupen.com/english/advisories/2005/1450Broken Link
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-052
• https://exchange.xforce.ibmcloud.com/vulnerabilities/21895VDB Entry
• https://exchange.xforce.ibmcloud.com/vulnerabilities/34754VDB Entry
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1155
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1454
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1464
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1468
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1535
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1538
• http://isc.sans.org/diary.php?date=2005-08-18Third Party Advisory
• http://secunia.com/advisories/16480Patch, Vendor Advisory
• http://secunia.com/advisories/17172Permissions Required, Third Party Advisory
• http://secunia.com/advisories/17223Permissions Required, Third Party Advisory
• http://secunia.com/advisories/17509Permissions Required, Third Party Advisory
• http://securityreason.com/securityalert/72Third Party Advisory
• http://securitytracker.com/id?1014727Exploit, Patch, Third Party Advisory, VDB Entry, Vendor Advisory
• http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdfThird Party Advisory
• http://www.kb.cert.org/vuls/id/740372Third Party Advisory, US Government Resource
• http://www.kb.cert.org/vuls/id/898241Third Party Advisory, US Government Resource
• http://www.kb.cert.org/vuls/id/959049Third Party Advisory, US Government Resource
• http://www.microsoft.com/technet/security/advisory/906267.mspxMitigation, Patch, Vendor Advisory
• http://www.securityfocus.com/archive/1/470690/100/0/threaded
• http://www.securityfocus.com/bid/14594Exploit, Patch, Third Party Advisory, VDB Entry
• http://www.securityfocus.com/bid/15061Third Party Advisory, VDB Entry
• http://www.us-cert.gov/cas/techalerts/TA05-284A.htmlThird Party Advisory, US Government Resource
• http://www.us-cert.gov/cas/techalerts/TA05-347A.htmlThird Party Advisory, US Government Resource
• http://www.us-cert.gov/cas/techalerts/TA06-220A.htmlThird Party Advisory, US Government Resource
• http://www.vupen.com/english/advisories/2005/1450Broken Link
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-052
• https://exchange.xforce.ibmcloud.com/vulnerabilities/21895VDB Entry
• https://exchange.xforce.ibmcloud.com/vulnerabilities/34754VDB Entry
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1155
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1454
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1464
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1468
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1535
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1538

Published

Aug 19, 2005

Last Modified

Jun 16, 2026

Status

Modified