Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-1990 — Microsoft Internet Explorer vulnerability

6 documents5 sources

Severity

5.1MEDIUMNVD

EPSS

82.2%

top 0.78%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft IE Microsoft Internet Explorer

Timeline

PublishedAug 10

Latest updateMay 1

Description

Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, including (1) devenum.dll, (2) diactfrm.dll, (3) wmm2filt.dll, (4) fsusd.dll, (5) dmdskmgr.dll, (6) browsewm.dll, (7) browseui.dll, (8) shell32.dll, (9) mshtml.dll, (10) inetcfg.dll, (11) infosoft.dll, (12) query.dll, (13) syncui.dll, (14) clbcatex.dll,…

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages2 packages

▶NVDmicrosoft/internet_explorer5.01, 5.5+1

▶NVDmicrosoft/ie6

Patches

Patch: secunia.com ↗Patch: www.us-cert.gov ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-pgqj-26qf-9f3x: Internet Explorer 5↗2022-05-01

▶

CVEList

CVE-2005-1990: Internet Explorer 5↗2005-08-10

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Internet Explorer - 'blnmgr.dll' COM Object Remote (MS05-038)↗2005-08-09

▶