Vulnerabilities > CVE-2005-1988 - Unspecified vulnerability in Microsoft IE and Internet Explorer

047910
CVSS 5.1 - MEDIUM
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
high complexity
microsoft
nessus
exploit available

Summary

Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to execute arbitrary code via a web site or an HTML e-mail containing a crafted JPEG image that causes memory corruption, aka "JPEG Image Rendering Memory Corruption Vulnerability".

Vulnerable Configurations

Part Description Count
Application
Microsoft
3

Exploit-Db

  • description: Microsoft Internet Explorer 5.0.1 JPEG Image Rendering Unspecified Buffer Overflow Vulnerability. CVE-2005-1988. DoS exploit for Windows platform
    id: EDB-ID:25991
    last seen: 2016-02-03
    modified: 2005-07-15
    published: 2005-07-15
    reporter: Michal Zalewski
    source: https://www.exploit-db.com/download/25991/
    title: Microsoft Internet Explorer 5.0.1 JPEG Image Rendering Unspecified Buffer Overflow Vulnerability
  • description: MS Internet Explorer (blnmgr.dll) COM Object Remote Exploit (MS05-038). CVE-2005-1988, CVE-2005-1989, CVE-2005-1990. Remote exploit for Windows platform
    id: EDB-ID:1144
    last seen: 2016-01-31
    modified: 2005-08-09
    published: 2005-08-09
    reporter: FrSIRT
    source: https://www.exploit-db.com/download/1144/
    title: Microsoft Internet Explorer blnmgr.dll COM Object Remote Exploit MS05-038

Nessus

NASL family: Windows : Microsoft Bulletins
NASL id: SMB_NT_MS05-038.NASL
description: The remote host contains a version of Internet Explorer that is vulnerable to multiple security flaws (JPEG Rendering, Web Folder, COM Object) that could allow an attacker to execute arbitrary code on the remote host by constructing a malicious web page and enticing a victim to visit it.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 19401
published: 2005-08-09
reporter: This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/19401
title: MS05-038: Cumulative Security Update for Internet Explorer (896727)
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Registration block: when the engine loads the plugin with `description`
# set, only the script_* metadata calls below run, followed by exit(0).
# The actual host check lives after this block.
if (description)
{
 script_id(19401);
 script_version("1.55");
 script_cvs_date("Date: 2018/11/15 20:50:29");

 # One plugin covers all three CVEs addressed by the bulletin, so a finding
 # from this plugin does not say which of the three flaws applies to a host.
 script_cve_id("CVE-2005-1988","CVE-2005-1989","CVE-2005-1990");
 script_bugtraq_id(14511, 14512, 14515);
 # Cross-references: vendor bulletin, CERT notes, a public exploit entry and
 # the Microsoft KB article whose presence the check looks for.
 script_xref(name:"MSFT", value:"MS05-038");
 script_xref(name:"CERT", value:"959049");
 script_xref(name:"CERT", value:"965206");
 script_xref(name:"EDB-ID", value:"25991");
 script_xref(name:"MSKB", value:"896727");

 script_name(english:"MS05-038: Cumulative Security Update for Internet Explorer (896727)");
 script_summary(english:"Determines the presence of update 896727");

 # Report text shown to the operator. The strings span several source lines,
 # so the embedded line breaks are part of the attribute values.
 script_set_attribute(attribute:"synopsis", value:
"Arbitrary code can be executed on the remote host through the web
client.");
 script_set_attribute(attribute:"description", value:
"The remote host contains a version of the Internet Explorer that is
vulnerable to multiple security flaws (JPEG Rendering, Web Folder, COM
Object) that could allow an attacker to execute arbitrary code on the
remote host by constructing a malicious web page and entice a victim to
visit this web page.");
 script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2005/ms05-038");
 script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Windows 2000, XP and
2003.");
 # CVSS v2 base vector: network access, medium complexity, no authentication,
 # complete confidentiality/integrity/availability impact.
 # NOTE(review): presumably the worst case across the three CVEs listed
 # above; an individual CVE may be scored lower, so confirm before using
 # this vector for per-CVE prioritisation.
 script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
 # Temporal vector: functional exploit exists, official fix available,
 # report confirmed.
 script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(attribute:"exploit_framework_core", value:"true");

 # Disclosure, patch and plugin were all published on the same day.
 script_set_attribute(attribute:"vuln_publication_date", value:"2005/08/09");
 script_set_attribute(attribute:"patch_publication_date", value:"2005/08/09");
 script_set_attribute(attribute:"plugin_publication_date", value:"2005/08/09");

 # "local": the check inspects host state (file versions, patch data) rather
 # than probing a network service.
 # NOTE(review): presumably this needs credentialed SMB access or
 # patch-management data to produce a result - confirm.
 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
 script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:ie");
 script_end_attributes();

 # Information-gathering category: the plugin is declared as non-intrusive.
 script_category(ACT_GATHER_INFO);

 script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
 script_family(english:"Windows : Microsoft Bulletins");

 # Prerequisites: the two plugins that must run first, the KB key that must
 # be set, and the SMB ports (or patch-management key) the check relies on.
 script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
 script_require_keys("SMB/MS_Bulletin_Checks/Possible");
 script_require_ports(139, 445, 'Host/patch_management_checks');

 # Registration ends here; none of the check logic below runs in this mode.
 exit(0);
}

include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("misc_func.inc");

# Stop early unless an earlier plugin recorded that bulletin checks are
# possible for this host.
get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

# Bulletin and KB identifiers reused by every check and report call below.
bulletin = 'MS05-038';
kb = '896727';

kbs = make_list(kb);
# When patch-management data is present in the knowledge base, hand the
# bulletin/KB pair to the third-party patch check at SECURITY_HOLE severity.
# NOTE(review): execution continues to the SMB file checks after this line
# unless that helper exits on its own - confirm in smb_hotfixes.inc.
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

# The file checks need an enumerated registry and a known Windows version;
# a missing version exits with code 1 (error) rather than a clean skip.
get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

# Scope gate on OS and service pack: Windows 2000, XP and Server 2003 with
# the listed service-pack values (presumably 'min,max' bounds - confirm).
# NOTE(review): hosts outside these ranges are audited as "OS/SP not
# vulnerable"; that result means this plugin did not evaluate them, not
# that the update was found installed.
if (hotfix_check_sp_range(win2k:'4,5', xp:'1,2', win2003:'0,1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

# Locate the Windows system root; without it the file paths cannot be built.
rootfile = hotfix_get_systemroot();
if (!rootfile) exit(1, "Failed to get the system root.");

# Map the system root to its SMB share and verify it can be reached. An
# unreachable share is reported as a share failure, so no verdict is given.
share = hotfix_path2share(path:rootfile);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

# Patch detection by file version: every entry inspects Mshtml.dll under
# \system32 for one Windows version (os) and, where given, one service pack.
#   os 5.2 = Server 2003 (SP0, SP1), os 5.1 = XP (SP1, SP2), os 5.0 = 2000.
# Presumably the helper flags the host when the installed file is older than
# `version` and, where `min_version` is given, at least that version -
# confirm in smb_hotfixes_fcheck.inc.
# The two os:"5.0" entries separate the 6.0.x branch (min_version 6.0.0.0)
# from the 5.0.x branch.
# NOTE(review): no entry names a 5.50.x build. If the comparison works as
# assumed above, a Windows 2000 host with a 5.50.x Mshtml.dll falls between
# the two os:"5.0" entries and is not flagged - confirm this is intended.
# The calls are joined with ||, so evaluation stops at the first match.
if (
  hotfix_is_vulnerable(os:"5.2", sp:0, file:"Mshtml.dll", version:"6.0.3790.373", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.2", sp:1, file:"Mshtml.dll", version:"6.0.3790.2491", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.1", sp:1, file:"Mshtml.dll", version:"6.0.2800.1515", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.1", sp:2, file:"Mshtml.dll", version:"6.0.2900.2722", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.0", file:"Mshtml.dll", version:"6.0.2800.1515", min_version:"6.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.0", file:"Mshtml.dll", version:"5.0.3831.1800", dir:"\system32", bulletin:bulletin, kb:kb)
)
{
  # Vulnerable: record the missing bulletin in the knowledge base, raise the
  # finding, then release the file-check session before exiting.
  set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  # No entry matched: the update is recorded as present under a
  # registry-style KB key, although the value is inferred from file versions
  # and not read from the registry.
  # NOTE(review): this key is also set when no check could match (for
  # example, file not found, if the helper treats that as "not vulnerable"),
  # so consumers should treat it as "not flagged" rather than proof of
  # installation - confirm against the helper's behaviour.
  set_kb_item(name:"SMB/Registry/HKLM/SOFTWARE/Microsoft/Updates/KB896727", value:TRUE);
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}

Oval

  • accepted: 2014-02-24T04:00:09.128-05:00
    class: vulnerability
    contributors:
    • name: Harvey Rubinovitz
      organization: The MITRE Corporation
    • name: Robert L. Hollis
      organization: ThreatGuard, Inc.
    • name: Maria Mikhno
      organization: ALTX-SOFT
    description: Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to execute arbitrary code via a web site or an HTML e-mail containing a crafted JPEG image that causes memory corruption, aka "JPEG Image Rendering Memory Corruption Vulnerability".
    family: windows
    id: oval:org.mitre.oval:def:1140
    status: accepted
    submitted: 2005-08-23T04:00:00.000-04:00
    title: IE6,SP1 JPEG Image Rendering Memory Corruption Vulnerability
    version: 67
  • accepted: 2014-02-24T04:00:10.820-05:00
    class: vulnerability
    contributors:
    • name: Harvey Rubinovitz
      organization: The MITRE Corporation
    • name: Robert L. Hollis
      organization: ThreatGuard, Inc.
    • name: Robert L. Hollis
      organization: ThreatGuard, Inc.
    • name: Sudhir Gandhe
      organization: Telos
    • name: Shane Shaffer
      organization: G2, Inc.
    • name: Maria Mikhno
      organization: ALTX-SOFT
    description: Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to execute arbitrary code via a web site or an HTML e-mail containing a crafted JPEG image that causes memory corruption, aka "JPEG Image Rendering Memory Corruption Vulnerability".
    family: windows
    id: oval:org.mitre.oval:def:1216
    status: accepted
    submitted: 2005-08-23T04:00:00.000-04:00
    title: IE6 Server 2003 JPEG Image Rendering Memory Corruption Vulnerability
    version: 72
  • accepted: 2014-02-24T04:00:14.793-05:00
    class: vulnerability
    contributors:
    • name: Harvey Rubinovitz
      organization: The MITRE Corporation
    • name: Robert L. Hollis
      organization: ThreatGuard, Inc.
    • name: Maria Mikhno
      organization: ALTX-SOFT
    description: Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to execute arbitrary code via a web site or an HTML e-mail containing a crafted JPEG image that causes memory corruption, aka "JPEG Image Rendering Memory Corruption Vulnerability".
    family: windows
    id: oval:org.mitre.oval:def:1335
    status: accepted
    submitted: 2005-08-23T04:00:00.000-04:00
    title: IE6 for XP,SP2 JPEG Image Rendering Memory Corruption Vulnerability
    version: 67
  • accepted: 2014-02-24T04:03:17.280-05:00
    class: vulnerability
    contributors:
    • name: Harvey Rubinovitz
      organization: The MITRE Corporation
    • name: Robert L. Hollis
      organization: ThreatGuard, Inc.
    • name: Robert L. Hollis
      organization: ThreatGuard, Inc.
    • name: Maria Mikhno
      organization: ALTX-SOFT
    description: Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to execute arbitrary code via a web site or an HTML e-mail containing a crafted JPEG image that causes memory corruption, aka "JPEG Image Rendering Memory Corruption Vulnerability".
    family: windows
    id: oval:org.mitre.oval:def:390
    status: accepted
    submitted: 2005-08-23T04:00:00.000-04:00
    title: IE5.01,SP4 JPEG Image Rendering Memory Corruption Vulnerability
    version: 68