CVE-2005-2127
Gravedad CVSS v2.0:
ALTA
Tipo:
CWE-119
Restricción de operaciones inapropiada dentro de los límites del búfer de la memoria
Fecha de publicación:
19/08/2005
Última modificación:
03/04/2025
Descripción
*** Pendiente de traducción *** Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, as originally demonstrated using the (1) DDS Library Shape Control (Msdds.dll) COM object, and other objects including (2) Blnmgrps.dll, (3) Ciodm.dll, (4) Comsvcs.dll, (5) Danim.dll, (6) Htmlmarq.ocx, (7) Mdt2dd.dll (as demonstrated using a heap corruption attack with uninitialized memory), (8) Mdt2qd.dll, (9) Mpg4ds32.ax, (10) Msadds32.ax, (11) Msb1esen.dll, (12) Msb1fren.dll, (13) Msb1geen.dll, (14) Msdtctm.dll, (15) Mshtml.dll, (16) Msoeacct.dll, (17) Msosvfbr.dll, (18) Mswcrun.dll, (19) Netshell.dll, (20) Ole2disp.dll, (21) Outllib.dll, (22) Psisdecd.dll, (23) Qdvd.dll, (24) Repodbc.dll, (25) Shdocvw.dll, (26) Shell32.dll, (27) Soa.dll, (28) Srchui.dll, (29) Stobject.dll, (30) Vdt70.dll, (31) Vmhelper.dll, and (32) Wbemads.dll, aka a variant of the "COM Object Instantiation Memory Corruption vulnerability."
Impacto
Puntuación base 2.0
7.50
Gravedad 2.0
ALTA
Productos y versiones vulnerables
| CPE | Desde | Hasta |
|---|---|---|
| cpe:2.3:a:ati:catalyst_driver:*:*:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:.net_framework:1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:.net_framework:1.1:sp2:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:.net_framework:1.1:sp3:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:office:2000:*:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:office:2000:*:*:ja:*:*:*:* | ||
| cpe:2.3:a:microsoft:office:2000:*:*:ko:*:*:*:* | ||
| cpe:2.3:a:microsoft:office:2000:*:*:zh:*:*:*:* | ||
| cpe:2.3:a:microsoft:office:2000:sp1:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:office:2000:sp2:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:office:xp:sp1:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:office:xp:sp2:*:*:*:*:*:* |
Para consultar la lista completa de nombres de CPE con productos y versiones, ver esta página
Referencias a soluciones, herramientas e información
- http://isc.sans.org/diary.php?date=2005-08-18
- http://secunia.com/advisories/16480
- http://secunia.com/advisories/17172
- http://secunia.com/advisories/17223
- http://secunia.com/advisories/17509
- http://securityreason.com/securityalert/72
- http://securitytracker.com/id?1014727=
- http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf
- http://www.kb.cert.org/vuls/id/740372
- http://www.kb.cert.org/vuls/id/898241
- http://www.kb.cert.org/vuls/id/959049
- http://www.microsoft.com/technet/security/advisory/906267.mspx
- http://www.securityfocus.com/archive/1/470690/100/0/threaded
- http://www.securityfocus.com/bid/14594
- http://www.securityfocus.com/bid/15061
- http://www.us-cert.gov/cas/techalerts/TA05-284A.html
- http://www.us-cert.gov/cas/techalerts/TA05-347A.html
- http://www.us-cert.gov/cas/techalerts/TA06-220A.html
- http://www.vupen.com/english/advisories/2005/1450
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-052
- https://exchange.xforce.ibmcloud.com/vulnerabilities/21895
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34754
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1155
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1454
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1464
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1468
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1535
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1538
- http://isc.sans.org/diary.php?date=2005-08-18
- http://secunia.com/advisories/16480
- http://secunia.com/advisories/17172
- http://secunia.com/advisories/17223
- http://secunia.com/advisories/17509
- http://securityreason.com/securityalert/72
- http://securitytracker.com/id?1014727=
- http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf
- http://www.kb.cert.org/vuls/id/740372
- http://www.kb.cert.org/vuls/id/898241
- http://www.kb.cert.org/vuls/id/959049
- http://www.microsoft.com/technet/security/advisory/906267.mspx
- http://www.securityfocus.com/archive/1/470690/100/0/threaded
- http://www.securityfocus.com/bid/14594
- http://www.securityfocus.com/bid/15061
- http://www.us-cert.gov/cas/techalerts/TA05-284A.html
- http://www.us-cert.gov/cas/techalerts/TA05-347A.html
- http://www.us-cert.gov/cas/techalerts/TA06-220A.html
- http://www.vupen.com/english/advisories/2005/1450
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-052
- https://exchange.xforce.ibmcloud.com/vulnerabilities/21895
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34754
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1155
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1454
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1464
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1468
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1535
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1538