CVE-2005-2087

EXPLOITED

Microsoft IE - Resource Management Error

Title source: rule
STIX 2.1

Exploitation Summary

CVE-2005-2087 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including k-otik.

AI-analyzed exploit summary This is a working proof-of-concept exploit for CVE-2005-2087, targeting a vulnerability in Microsoft Internet Explorer's javaprxy.dll COM object. It uses a heap spray technique to execute a bind shell on port 28876.

Description

Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, as demonstrated using the JVIEW Profiler (Javaprxy.dll). NOTE: the researcher says that the vendor could not reproduce this problem.

Exploits (1)

exploitdb WORKING POC VERIFIED
by k-otik · htmlremotewindows
https://www.exploit-db.com/exploits/1079

This is a working proof-of-concept exploit for CVE-2005-2087, targeting a vulnerability in Microsoft Internet Explorer's javaprxy.dll COM object. It uses a heap spray technique to execute a bind shell on port 28876.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft Internet Explorer 5.01 SP3/SP4, 6 SP1, and various Windows versions
No auth needed
Prerequisites: Victim must visit a malicious webpage using a vulnerable version of Internet Explorer
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (18)

Core 18
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=112006764714946&w=2
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1326
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/959049
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA05-193A.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A793
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/939605
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1014329
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1506
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/14087
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/404055
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/21193
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/15891
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/17680
Various Sources third-party-advisory x_refsource_auscert
http://www.auscert.org.au/render.html?it=5225
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2005/0935
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1518

Scores

EPSS 0.7025
EPSS Percentile 98.7%

Details

VulnCheck KEV 2005-07-12
CWE
CWE-399
Status published
Products (8)
microsoft/ie 5.1
microsoft/ie 5.2.3
microsoft/ie 6 windows_server_2003_sp1
microsoft/internet_explorer 5.1
microsoft/internet_explorer 5.01 sp4
microsoft/internet_explorer 5.5 (4 CPE variants)
microsoft/internet_explorer 6.0
microsoft/internet_explorer 6.0.2900.2180
Published Jul 05, 2005
Tracked Since Feb 18, 2026