CVE-2005-1790

EXPLOITED

Microsoft Internet Explorer - Resource Management Error

Title source: rule

Description

Microsoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106, and earlier versions, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a Javascript BODY onload event that calls the window function, aka "Mismatched Document Object Model Objects Memory Corruption Vulnerability."

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/18365

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

by Benjamin Tobias Franz, Stuart Pearson, Sam Sharps · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ms05_054_onload.rb

View Code ZIP pw:eip

References (24)

[Mailing List] http://marc.info/?l=bugtraq&m=111746394106172&w=2

[Mailing List] http://marc.info/?l=bugtraq&m=111755552306013&w=2

[Vendor Advisory] http://secunia.com/advisories/15368

[Vendor Advisory] http://secunia.com/advisories/15546

[Vendor Advisory] http://secunia.com/advisories/18064

[Vendor Advisory] http://secunia.com/advisories/18311

[Vendor Advisory] http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf

[Various Sources] http://www.computerterrorism.com/research/ie/ct21-11-2005

[US Government Resource] http://www.kb.cert.org/vuls/id/887861

[US Government Resource] http://www.us-cert.gov/cas/techalerts/TA05-347A.html

[Vendor Advisory] http://www.vupen.com/english/advisories/2005/2509

[Vendor Advisory] http://www.vupen.com/english/advisories/2005/2867

[Vendor Advisory] http://www.vupen.com/english/advisories/2005/2909

[Various Sources] http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375420

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-054

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/417326/30/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/13799

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1091

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1299

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1303

... and 4 more

Scores

EPSS 0.8164

EPSS Percentile 99.2%

Details

VulnCheck KEV 2005-12-13

CWE

CWE-399

Status published

Products (2)

microsoft/internet_explorer 6.0.2800.1106

microsoft/internet_explorer 6.0.2900.2180

Published Jun 01, 2005

Tracked Since Feb 18, 2026