CVE-2005-2087

Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, as demonstrated using the JVIEW Profiler (Javaprxy.dll). NOTE: the researcher says that the vendor could not reproduce this problem.

Published: Jul 5, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-2087
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-399

Affected Software
References

Software	From	Fixed in
microsoft / ie	5.2.3	5.2.3.x
microsoft / ie	5.1	5.1.x
microsoft / internet_explorer	5.01-sp4	5.01-sp4.x
microsoft / ie	6-windows_server_2003_sp1	6-windows_server_2003_sp1.x
microsoft / internet_explorer	5.5-sp2	5.5-sp2.x
microsoft / internet_explorer	5.5	5.5.x
microsoft / internet_explorer	5.1	5.1.x
microsoft / internet_explorer	5.5-preview	5.5-preview.x
microsoft / internet_explorer	5.5-sp1	5.5-sp1.x
microsoft / internet_explorer	6.0	6.0.x
microsoft / internet_explorer	6.0.2900.2180	6.0.2900.2180.x

Vulnerability Database

290,278

CVE-2005-2087