Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-2308Microsoft IE vulnerability

4 documents4 sources
Severity
7.5HIGHNVD
EPSS
45.8%
top 2.37%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft IE
Timeline
PublishedJul 19
Latest updateMay 1

Description

The JPEG decoder in Microsoft Internet Explorer allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via certain crafted JPEG images, as demonstrated using (1) mov_fencepost.jpg, (2) cmp_fencepost.jpg, (3) oom_dos.jpg, or (4) random.jpg.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDmicrosoft/ie6.0

🔴Vulnerability Details

2
GHSA
GHSA-fjrq-hqch-7h7q: The JPEG decoder in Microsoft Internet Explorer allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute a2022-05-01
CVEList
CVE-2005-2308: The JPEG decoder in Microsoft Internet Explorer allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute a2005-07-19

💥Exploits & PoCs

1
Exploit-DB
Microsoft Internet Explorer 5.0.1 - '.JPEG' Image Rendering CMP Fencepost Denial of Service2005-07-15
CVE-2005-2308 — Microsoft IE vulnerability | cvebase