CVE-2005-1790

EXPLOITED

Microsoft Internet Explorer 6.0.2900.2180 and 6.0.2800.1106 - Remote Code Execution via JavaScript BODY onload Event

Title source: llm

Exploitation Summary

CVE-2005-1790 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 2 public exploits from researchers including Metasploit, Benjamin Tobias Franz, Stuart Pearson, Sam Sharps, including a Metasploit module exploits/windows/browser/ms05_054_onload.

AI-analyzed exploit summary This exploit targets a vulnerability in Microsoft Internet Explorer 6 (CVE-2005-1790) by leveraging a JavaScript 'onLoad' handler and improperly initialized 'window()' function to achieve remote code execution via heap spraying and shellcode injection.

Description

Microsoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106, and earlier versions, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a Javascript BODY onload event that calls the window function, aka "Mismatched Document Object Model Objects Memory Corruption Vulnerability."

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/18365

View Code ZIP pw:eip

This exploit targets a vulnerability in Microsoft Internet Explorer 6 (CVE-2005-1790) by leveraging a JavaScript 'onLoad' handler and improperly initialized 'window()' function to achieve remote code execution via heap spraying and shellcode injection.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: Microsoft Internet Explorer 6 on Windows XP/2000

No auth needed

Prerequisites: Internet Explorer 6 with popups enabled · User interaction to visit malicious page

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC NORMAL

by Benjamin Tobias Franz, Stuart Pearson, Sam Sharps · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ms05_054_onload.rb

View Code ZIP pw:eip

This Metasploit module exploits CVE-2005-1790, a vulnerability in Microsoft Internet Explorer 6 where improper handling of JavaScript 'onLoad' events with the 'window()' function leads to remote code execution. The exploit uses heap spraying and crafted prompts to achieve arbitrary code execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Internet Explorer 6 on Windows XP/2000

No auth needed

Prerequisites: Target must be using Internet Explorer 6 on Windows XP or 2000 · Popups must be allowed in Internet Explorer

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (24)

Core 24

Core References

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/18064

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/15546

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1508

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1489

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/13799

US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/887861

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=111746394106172&w=2

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/417326/30/0/threaded

US Government Resource third-party-advisory x_refsource_cert

http://www.us-cert.gov/cas/techalerts/TA05-347A.html

Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-054

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=111755552306013&w=2

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1303

Various Sources x_refsource_misc

http://www.computerterrorism.com/research/ie/ct21-11-2005

Vendor Advisory x_refsource_confirm

http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/15368

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2005/2909

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1299

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/18311

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A722

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2005/2867

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2005/2509

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1091

Various Sources x_refsource_misc

http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375420

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1015251

Scores

EPSS 0.8164

EPSS Percentile 99.2%

Details

VulnCheck KEV 2005-12-13

CWE

CWE-399

Status published

Products (2)

microsoft/internet_explorer 6.0.2800.1106

microsoft/internet_explorer 6.0.2900.2180

Published Jun 01, 2005

Tracked Since Feb 18, 2026