Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2087

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2005-2087
Last Modified 07 Mar 2011 12:00:00
Published 05 Jul 2005 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-2087

Summary

Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, as demonstrated using the JVIEW Profiler (Javaprxy.dll). NOTE: the researcher says that the vendor could not reproduce this problem.

Vulnerable Systems

Application

  • Microsoft Ie 5.01

  • Microsoft Ie 5.1

  • Microsoft Ie 5.2.3

  • Microsoft Ie 5.5

  • Microsoft Ie 6

  • Microsoft Ie 6.0

  • Microsoft Ie 6.0.2900.2180


References

CERT - TA05-193A

CERT-VN - VU#959049

CERT-VN - VU#939605

XF - ie-javaprxydll-execute-code(21193)

VUPEN - ADV-2005-0935

BID - 14087

BUGTRAQ - 20050702 Microsoft Internet Explorer

OSVDB - 17680

MS - MS05-037

MISC - http://www.microsoft.com/technet/security/advisory/903144.mspx

AUSCERT - ESB-2005.0489

SECTRACK - 1014329

SECUNIA - 15891

BUGTRAQ - 20050629 SEC-CONSULT SA-20050629-0

BUGTRAQ - 20050702 Microsoft Internet Explorer "javaprxy.dll" Code Execution Exploit


Last Updated: 27 May 2016 10:38:11