Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-2127Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft NET Framework

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources
Severity
7.5HIGHNVD
EPSS
42.0%
top 2.56%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
5
Microsoft NET FrameworkMicrosoft OfficeMicrosoft Project+2 more
Timeline
PublishedAug 19
Latest updateMay 1

Description

Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, as originally demonstrated using the (1) DDS Library Shape Control (Msdds.dll) COM object, and other objects including (2) Blnmgrps.dll, (3) Ciodm.dll, (4) Comsvcs.dll, (5) Danim.dll, (6) Htmlmarq.ocx, (7) Mdt2dd.dll (a

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages5 packages

NVDmicrosoft/visio2000, 2002, 2003+2
NVDmicrosoft/office2000, xp+1
NVDmicrosoft/project4 versions+3
NVDmicrosoft/visual_studio_net2002, 2003, gold+2

Patches

Patch: secunia.comPatch: securitytracker.comPatch: www.microsoft.com

🔴Vulnerability Details

3
GHSA
GHSA-hfcp-c62f-pjm6: Microsoft Internet Explorer 52022-05-01
CVEList
CVE-2005-2127: Microsoft Internet Explorer 52005-08-19
VulnCheck
ati catalyst_driver Improper Restriction of Operations within the Bounds of a Memory Buffer2005

💥Exploits & PoCs

1
Exploit-DB
Microsoft Visual Studio .NET - 'msdds.dll' Remote Code Execution2005-08-17
CVE-2005-2127 — Microsoft NET Framework vulnerability | cvebase