Vulnerabilities > CVE-2005-2831 - Unspecified vulnerability in Microsoft IE and Internet Explorer
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, aka a variant of the "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2127.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 11 |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS05-054.NASL |
description | The remote host is missing IE Cumulative Security Update 905915. The remote version of IE is vulnerable to several flaws that could allow an attacker to execute arbitrary code on the remote host. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 20299 |
published | 2005-12-13 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/20299 |
title | MS05-054: Cumulative Security Update for Internet Explorer (905915) |
code |
|
Oval
accepted 2014-02-24T04:00:16.498-05:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Jonathan Baker organization The MITRE Corporation name Dragos Prisaca organization Gideon Technologies, Inc. name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc. name Maria Mikhno organization ALTX-SOFT
description Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, aka a variant of the "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2127. family windows id oval:org.mitre.oval:def:1426 status accepted submitted 2005-12-13T12:00:00.000-04:00 title WinXP,SP2 COM Object Instantiation Memory Corruption Vulnerability version 72 accepted 2014-02-24T04:00:17.833-05:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Jonathan Baker organization The MITRE Corporation name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc. name Maria Mikhno organization ALTX-SOFT
description Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, aka a variant of the "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2127. family windows id oval:org.mitre.oval:def:1475 status accepted submitted 2005-12-13T12:00:00.000-04:00 title Server 2003 COM Object Instantiation Memory Corruption Vulnerability version 70 accepted 2014-02-24T04:00:19.264-05:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Jonathan Baker organization The MITRE Corporation name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc. name Maria Mikhno organization ALTX-SOFT
description Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, aka a variant of the "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2127. family windows id oval:org.mitre.oval:def:1520 status accepted submitted 2005-12-13T12:00:00.000-04:00 title WinXP,SP1 (64-bit) COM Object Instantiation Memory Corruption Vulnerability version 71 accepted 2014-02-24T04:00:19.687-05:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Jonathan Baker organization The MITRE Corporation name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc. name Maria Mikhno organization ALTX-SOFT
description Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, aka a variant of the "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2127. family windows id oval:org.mitre.oval:def:1543 status accepted submitted 2005-12-13T12:00:00.000-04:00 title Server 2003,SP1 COM Object Instantiation Memory Corruption Vulnerability version 71 accepted 2014-02-24T04:00:19.872-05:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Robert L. Hollis organization ThreatGuard, Inc. name Anna Min organization BigFix, Inc name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc. name Maria Mikhno organization ALTX-SOFT
description Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, aka a variant of the "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2127. family windows id oval:org.mitre.oval:def:1558 status accepted submitted 2005-12-13T12:00:00.000-04:00 title Win2K,SP4 COM Object Instantiation Memory Corruption Vulnerability version 71 accepted 2014-02-24T04:00:20.822-05:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Robert L. Hollis organization ThreatGuard, Inc. name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc. name Maria Mikhno organization ALTX-SOFT
description Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, aka a variant of the "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2127. family windows id oval:org.mitre.oval:def:1597 status accepted submitted 2005-12-13T12:00:00.000-04:00 title Win2K/XP,SP1 COM Object Instantiation Memory Corruption Vulnerability version 71
References
- http://www.us-cert.gov/cas/techalerts/TA05-347A.html
- http://www.securityfocus.com/bid/15827
- http://securitytracker.com/id?1015348
- http://secunia.com/advisories/15368
- http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf
- http://secunia.com/advisories/18064
- http://secunia.com/advisories/18311
- http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375420
- http://www.osvdb.org/21763
- http://www.kb.cert.org/vuls/id/959049
- http://www.vupen.com/english/advisories/2005/2909
- http://www.vupen.com/english/advisories/2005/2867
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23453
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1597
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1558
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1543
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1520
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1475
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1426
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-054