CVE-2005-1990

Microsoft IE - Denial of Service

Title source: rule

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-1990. PoCs published by FrSIRT.

AI-analyzed exploit summary This is a functional exploit for CVE-2005-1989, targeting a vulnerability in Internet Explorer's COM object instantiation (MS05-038). It uses a heap spray technique to execute a bind shell on port 28876 via the vulnerable 'blnmgr.dll' COM object.

Description

Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, including (1) devenum.dll, (2) diactfrm.dll, (3) wmm2filt.dll, (4) fsusd.dll, (5) dmdskmgr.dll, (6) browsewm.dll, (7) browseui.dll, (8) shell32.dll, (9) mshtml.dll, (10) inetcfg.dll, (11) infosoft.dll, (12) query.dll, (13) syncui.dll, (14) clbcatex.dll, (15) clbcatq.dll, (16) comsvcs.dll, and (17) msconf.dll, which causes memory corruption, aka "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2087.

Exploits (1)

exploitdb WORKING POC VERIFIED

by FrSIRT · htmlremotewindows

https://www.exploit-db.com/exploits/1144

View Code ZIP pw:eip

This is a functional exploit for CVE-2005-1989, targeting a vulnerability in Internet Explorer's COM object instantiation (MS05-038). It uses a heap spray technique to execute a bind shell on port 28876 via the vulnerable 'blnmgr.dll' COM object.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Internet Explorer 6 on Microsoft Windows XP SP2

No auth needed

Prerequisites: Victim must visit a malicious webpage hosting the exploit · Vulnerable version of Internet Explorer and Windows

MITRE ATT&CK