QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2005-1990

Back to search

CVE-2005-1990

Published: Aug 10, 2005

Modified: Aug 7, 2024

PUBLISHED

Description

Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, including (1) devenum.dll, (2) diactfrm.dll, (3) wmm2filt.dll, (4) fsusd.dll, (5) dmdskmgr.dll, (6) browsewm.dll, (7) browseui.dll, (8) shell32.dll, (9) mshtml.dll, (10) inetcfg.dll, (11) infosoft.dll, (12) query.dll, (13) syncui.dll, (14) clbcatex.dll, (15) clbcatq.dll, (16) comsvcs.dll, and (17) msconf.dll, which causes memory corruption, aka "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2087.

VendorProductVersions

n/a

n/a

affected
n/a

References

oval:org.mitre.oval:def:1235
vdb-entry
signature
x_refsource_OVAL
VU#959049
third-party-advisory
x_refsource_CERT-VN
14511
vdb-entry
x_refsource_BID
oval:org.mitre.oval:def:1061
vdb-entry
signature
x_refsource_OVAL
16373
third-party-advisory
x_refsource_SECUNIA
oval:org.mitre.oval:def:1221
vdb-entry
signature
x_refsource_OVAL
TA05-221A
third-party-advisory
x_refsource_CERT
oval:org.mitre.oval:def:100082
vdb-entry
signature
x_refsource_OVAL
MS05-038
vendor-advisory
x_refsource_MS
oval:org.mitre.oval:def:1337
vdb-entry
signature
x_refsource_OVAL
1014643
vdb-entry
x_refsource_SECTRACK
ADV-2005-1353
vdb-entry
x_refsource_VUPEN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now