Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-2087Microsoft Internet Explorer vulnerability

CWE-3995 documents5 sources
Severity
5.0MEDIUMNVD
EPSS
65.3%
top 1.51%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Microsoft IEMicrosoft Internet Explorer
Timeline
PublishedJul 5
Latest updateMay 1

Description

Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, as demonstrated using the JVIEW Profiler (Javaprxy.dll). NOTE: the researcher says that the vendor could not reproduce this problem.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

NVDmicrosoft/internet_explorer5 versions+4
NVDmicrosoft/ie5.1, 5.2.3, 6+2

🔴Vulnerability Details

3
GHSA
GHSA-rfj5-j343-wwwp: Internet Explorer 52022-05-01
CVEList
CVE-2005-2087: Internet Explorer 52005-06-30
VulnCheck
Microsoft IE 5.01 SP4 up to 6 javaprxy.dll COM Instantiation Heap Corruption Vulnerability2005

💥Exploits & PoCs

1
Exploit-DB
Microsoft Internet Explorer - 'javaprxy.dll' COM Object Remote Overflow2005-07-05
CVE-2005-2087 — Microsoft vulnerability | cvebase