CVE-2005-1988

Internet Explorer <6.0 - RCE

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2005-1988. PoCs published by Michal Zalewski.

AI-analyzed exploit summary This is a vulnerability writeup describing a buffer overflow in Microsoft Internet Explorer's JPEG rendering library (CVE-2005-1988). It lacks executable exploit code but references a malicious JPEG file (25992-1.jpg) hosted externally.

Description

Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to execute arbitrary code via a web site or an HTML e-mail containing a crafted JPEG image that causes memory corruption, aka "JPEG Image Rendering Memory Corruption Vulnerability".

Exploits (2)

exploitdb WRITEUP VERIFIED
by Michal Zalewski · textdoswindows
https://www.exploit-db.com/exploits/25991

This is a vulnerability writeup describing a buffer overflow in Microsoft Internet Explorer's JPEG rendering library (CVE-2005-1988). It lacks executable exploit code but references a malicious JPEG file (25992-1.jpg) hosted externally.

Classification
Writeup 80%
Attack Type
Rce
Complexity
Moderate
Reliability
Theoretical
Target: Microsoft Internet Explorer (unspecified versions)
No auth needed
Prerequisites: Victim must open a malicious JPEG file in a vulnerable version of Internet Explorer
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC
htmlremotewindows
https://www.exploit-db.com/exploits/1144

This is a functional exploit for CVE-2005-1988, targeting a vulnerability in Internet Explorer's COM object instantiation (MS05-038). It uses a heap spray technique to execute a bind shell on port 28876 via the vulnerable 'blnmgr.dll' COM object.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Internet Explorer 6 on Microsoft Windows XP SP2
No auth needed
Prerequisites: Victim must visit a malicious webpage hosting the exploit · Internet Explorer 6 with vulnerable COM objects present
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (9)

Core 9
Core References
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/16373/
Patch, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/965206
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1335
Patch, US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA05-221A.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A390
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1140
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1216
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2005/1353

Scores

EPSS 0.8344
EPSS Percentile 99.3%

Details

Status published
Products (3)
microsoft/ie 6 windows_server_2003_sp1
microsoft/internet_explorer 5.01
microsoft/internet_explorer 5.5
Published Aug 10, 2005
Tracked Since Feb 18, 2026