CVE-2005-2127

Summary

CVE	CVE-2005-2127
State	PUBLISHED
Assigner	microsoft
Source Priority	CVE Program / NVD first with legacy fallback
Published	2005-08-19 04:00:00 UTC
Updated	2025-04-03 01:03:51 UTC
Description	Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, as originally demonstrated using the (1) DDS Library Shape Control (Msdds.dll) COM object, and other objects including (2) Blnmgrps.dll, (3) Ciodm.dll, (4) Comsvcs.dll, (5) Danim.dll, (6) Htmlmarq.ocx, (7) Mdt2dd.dll (as demonstrated using a heap corruption attack with uninitialized memory), (8) Mdt2qd.dll, (9) Mpg4ds32.ax, (10) Msadds32.ax, (11) Msb1esen.dll, (12) Msb1fren.dll, (13) Msb1geen.dll, (14) Msdtctm.dll, (15) Mshtml.dll, (16) Msoeacct.dll, (17) Msosvfbr.dll, (18) Mswcrun.dll, (19) Netshell.dll, (20) Ole2disp.dll, (21) Outllib.dll, (22) Psisdecd.dll, (23) Qdvd.dll, (24) Repodbc.dll, (25) Shdocvw.dll, (26) Shell32.dll, (27) Soa.dll, (28) Srchui.dll, (29) Stobject.dll, (30) Vdt70.dll, (31) Vmhelper.dll, and (32) Wbemads.dll, aka a variant of the "COM Object Instantiation Memory Corruption vulnerability."

Risk And Classification

Primary CVSS: v2.0 7.5 from [email protected]

AV:N/AC:L/Au:N/C:P/I:P/A:P

Problem Types: CWE-119 | n/a

CVSS v2.0 Breakdown

Access Vector

Network

Access Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Ati	Catalyst Driver	All	All	All	All
Application	Microsoft	.net Framework	1.1	All	All	All
Application	Microsoft	.net Framework	1.1	sp1	All	All
Application	Microsoft	.net Framework	1.1	sp2	All	All
Application	Microsoft	.net Framework	1.1	sp3	All	All
Application	Microsoft	Office	All	All	All	All
Application	Microsoft	Office	2000	All	All	All
Application	Microsoft	Office	2000	All	All	ja
Application	Microsoft	Office	2000	All	All	ko
Application	Microsoft	Office	2000	All	All	zh
Application	Microsoft	Office	2000	sp1	All	All
Application	Microsoft	Office	2000	sp2	All	All
Application	Microsoft	Office	2000	sp3	All	All
Application	Microsoft	Office	xp	sp1	All	All
Application	Microsoft	Office	xp	sp2	All	All
Application	Microsoft	Office	xp	sp3	All	All
Application	Microsoft	Project	2000	All	All	All
Application	Microsoft	Project	2002	All	All	All
Application	Microsoft	Project	2002	sp1	All	All
Application	Microsoft	Project	2003	All	All	All
Application	Microsoft	Project	2003	sp1	All	All
Application	Microsoft	Project	98	All	All	All
Application	Microsoft	Visio	2000	sr1	All	All
Application	Microsoft	Visio	2002	All	All	All
Application	Microsoft	Visio	2002	All	All	All
Application	Microsoft	Visio	2002	sp1	All	All
Application	Microsoft	Visio	2002	sp2	All	All
Application	Microsoft	Visio	2002	sp2	All	All
Application	Microsoft	Visio	2002	sp2	All	All
Application	Microsoft	Visio	2003	All	All	All
Application	Microsoft	Visio	2003	All	All	All
Application	Microsoft	Visio	2003	All	All	All
Application	Microsoft	Visio	2003	sp1	All	All
Application	Microsoft	Visual Studio .net	2002	gold	All	All
Application	Microsoft	Visual Studio .net	2003	All	All	All
Application	Microsoft	Visual Studio .net	2003	gold	All	All
Application	Microsoft	Visual Studio .net	gold	All	All	All
Application	Microsoft	Visual Studio .net	gold	All	All	All
Application	Microsoft	Visual Studio .net	gold	All	All	All
Application	Microsoft	Visual Studio .net	gold	All	All	All
Application	Microsoft	Visual Studio .net	gold	All	All	All

Vendor Declared Affected Products

Source	Vendor	Product	Version	Platforms
CNA	Na	N/a	affected n/a	Not specified

References

Reference	Source	Link	Tags
Repository / Oval Repository	af854a3a-2127-422b-91ae-364da2661108	oval.cisecurity.org
US-CERT Vulnerability Note VU#959049	af854a3a-2127-422b-91ae-364da2661108	www.kb.cert.org	Third Party Advisory, US Government Resource
Microsoft Visual Studio .NET msdds.dll Remote Code Execution Vulnerability	af854a3a-2127-422b-91ae-364da2661108	www.securityfocus.com	Exploit, Patch, Third Party Advisory, VDB Entry
US-CERT Technical Cyber Security Alert TA06-220A -- Microsoft Products Contain Multiple Vulnerabilities	af854a3a-2127-422b-91ae-364da2661108	www.us-cert.gov	Third Party Advisory, US Government Resource
Secunia - Advisories - Nortel CallPilot Multiple Vulnerabilities	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Permissions Required, Third Party Advisory
US-CERT Technical Cyber Security Alert TA05-347A -- Microsoft Internet Explorer Vulnerabilities	af854a3a-2127-422b-91ae-364da2661108	www.us-cert.gov	Third Party Advisory, US Government Resource
Secunia - Advisories - Microsoft Windows COM Object Instantiation Memory Corruption Vulnerability	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Patch, Vendor Advisory
US-CERT Vulnerability Note VU#740372	af854a3a-2127-422b-91ae-364da2661108	www.kb.cert.org	Third Party Advisory, US Government Resource
SecurityTracker.com Archives - Microsoft 'msdds.dll' COM Object Lets Remote Users Execute Arbitrary Code	af854a3a-2127-422b-91ae-364da2661108	securitytracker.com	Exploit, Patch, Third Party Advisory, VDB Entry, Vendor Advisory
Repository / Oval Repository	af854a3a-2127-422b-91ae-364da2661108	oval.cisecurity.org
IBM X-Force Exchange	af854a3a-2127-422b-91ae-364da2661108	exchange.xforce.ibmcloud.com	VDB Entry
Repository / Oval Repository	af854a3a-2127-422b-91ae-364da2661108	oval.cisecurity.org
Secunia - Advisories - Avaya Various Products Multiple Vulnerabilities	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Permissions Required, Third Party Advisory
Secunia - Advisories - Nortel Centrex IP Client Manager Multiple Vulnerabilities	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Permissions Required, Third Party Advisory
Repository / Oval Repository	af854a3a-2127-422b-91ae-364da2661108	oval.cisecurity.org
US-CERT Vulnerability Note VU#898241	af854a3a-2127-422b-91ae-364da2661108	www.kb.cert.org	Third Party Advisory, US Government Resource
SecurityReason	af854a3a-2127-422b-91ae-364da2661108	securityreason.com	Third Party Advisory
Microsoft Internet Explorer COM Object Instantiation Variant Vulnerability	af854a3a-2127-422b-91ae-364da2661108	www.securityfocus.com	Third Party Advisory, VDB Entry
SecurityFocus	af854a3a-2127-422b-91ae-364da2661108	www.securityfocus.com
US-CERT Technical Cyber Security Alert TA05-284A -- Microsoft Windows, Internet Explorer, and Exchange Server Vulnerabilities	af854a3a-2127-422b-91ae-364da2661108	www.us-cert.gov	Third Party Advisory, US Government Resource
Repository / Oval Repository	af854a3a-2127-422b-91ae-364da2661108	oval.cisecurity.org
Your request has been blocked. This could be due to several reasons.	af854a3a-2127-422b-91ae-364da2661108	www.microsoft.com	Mitigation, Patch, Vendor Advisory
IBM X-Force Exchange	af854a3a-2127-422b-91ae-364da2661108	exchange.xforce.ibmcloud.com	VDB Entry
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	af854a3a-2127-422b-91ae-364da2661108	www.vupen.com	Broken Link
SANS - Internet Storm Center - Cooperative Cyber Threat Monitor And Alert System	af854a3a-2127-422b-91ae-364da2661108	isc.sans.org	Third Party Advisory
support.avaya.com/elmodocs2/security/ASA-2005-214.pdf	af854a3a-2127-422b-91ae-364da2661108	support.avaya.com	Third Party Advisory
Repository / Oval Repository	af854a3a-2127-422b-91ae-364da2661108	oval.cisecurity.org
Microsoft Security Bulletin MS05-052 - Critical \| Microsoft Docs	af854a3a-2127-422b-91ae-364da2661108	docs.microsoft.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.