| Vulnerability Name: | CVE-2005-1990 (CCN-21307) | ||||||||||||||||||||
| Assigned: | 2005-08-09 | ||||||||||||||||||||
| Published: | 2005-08-09 | ||||||||||||||||||||
| Updated: | 2021-07-23 | ||||||||||||||||||||
| Summary: | Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, including (1) devenum.dll, (2) diactfrm.dll, (3) wmm2filt.dll, (4) fsusd.dll, (5) dmdskmgr.dll, (6) browsewm.dll, (7) browseui.dll, (8) shell32.dll, (9) mshtml.dll, (10) inetcfg.dll, (11) infosoft.dll, (12) query.dll, (13) syncui.dll, (14) clbcatex.dll, (15) clbcatq.dll, (16) comsvcs.dll, and (17) msconf.dll, which causes memory corruption, aka "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2087. | ||||||||||||||||||||
| CVSS v3 Severity: | 9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||||||||||||||
| CVSS v2 Severity: | 5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P) 4.2 Medium (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)
6.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
| ||||||||||||||||||||
| Vulnerability Type: | CWE-Other | ||||||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2005-1990 Source: CCN Type: SA16373 Internet Explorer Three Vulnerabilities Source: SECUNIA Type: Patch, Vendor Advisory 16373 Source: CCN Type: SECTRACK ID: 1014643 Microsoft Internet Explorer COM Object Instantiation Bug May Let Remote Users Execute Arbitrary Code Source: SECTRACK Type: UNKNOWN 1014643 Source: CCN Type: CIAC Information Bulletin P-265 Microsoft Cumulative Update for Internet Explorer Source: CCN Type: US-CERT VU#680526 Microsoft Internet Explorer can use any COM object Source: CCN Type: US-CERT VU#959049 Multiple COM objects cause memory corruption in Microsoft Internet Explorer Source: CERT-VN Type: US Government Resource VU#959049 Source: CCN Type: Microsoft Security Bulletin MS05-038 Cumulative Security Update for Internet Explorer (896727) Source: CCN Type: Microsoft Security Bulletin MS05-052 Cumulative Security Update for Internet Explorer (896688) Source: CCN Type: Microsoft Security Bulletin MS05-054 Cumulative Security Update for Internet Explorer (905915) Source: CCN Type: Microsoft Security Bulletin MS06-004 Cumulative Security Update for Internet Explorer (910620) Source: CCN Type: Microsoft Security Bulletin MS06-013 Cumulative Security Update for Internet Explorer (912812) Source: CCN Type: Microsoft Security Bulletin MS06-021 Cumulative Security Update for Internet Explorer (916281) Source: CCN Type: Microsoft Security Bulletin MS06-042 Cumulative Security Update for Internet Explorer (918899) Source: CCN Type: Microsoft Security Bulletin MS06-067 Cumulative Security Update for Internet Explorer (922760) Source: CCN Type: Microsoft Security Bulletin MS06-072 Cumulative Security Update for Internet Explorer (925454) Source: CCN Type: Microsoft Security Bulletin MS07-016 Cumulative Security Update for Internet Explorer (928090) Source: CCN Type: Microsoft Security Bulletin MS07-027 Cumulative Security Update for Internet Explorer (931768) Source: CCN Type: Microsoft Security Bulletin MS07-033 Cumulative Security Update for Internet Explorer (933566) Source: CCN Type: Microsoft Security Bulletin MS07-045 Cumulative Security Update for Internet Explorer (937143) Source: CCN Type: Microsoft Security Bulletin MS07-057 Cumulative Security Update for Internet Explorer (939653) Source: CCN Type: Microsoft Security Bulletin MS07-069 Cumulative Security Update for Internet Explorer (942615) Source: CCN Type: Microsoft Security Bulletin MS08-010 Cumulative Security Update for Internet Explorer (944533) Source: CCN Type: Microsoft Security Bulletin MS08-024 Cumulative Security Update for Internet Explorer (947864) Source: CCN Type: Microsoft Security Bulletin MS08-031 Cumulative Security Update for Internet Explorer (950759) Source: CCN Type: Microsoft Security Bulletin MS08-045 Cumulative Security Update for Internet Explorer (953838) Source: CCN Type: Microsoft Security Bulletin MS08-058 Cumulative Security Update for Internet Explorer (956390) Source: BID Type: UNKNOWN 14511 Source: CCN Type: BID-14511 Microsoft Internet Explorer COM Object Instantiation Buffer Overflow Vulnerability Source: CERT Type: Patch, US Government Resource TA05-221A Source: VUPEN Type: UNKNOWN ADV-2005-1353 Source: MS Type: UNKNOWN MS05-038 Source: CCN Type: IBM Internet Security Systems X-Force Database Microsoft Internet Explorer javaprxy.dll COM object execute code Source: XF Type: UNKNOWN ie-activexloader-bo(21307) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:100082 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1061 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1221 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1235 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1337 | ||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||
| |||||||||||||||||||||
| BACK | |||||||||||||||||||||