CVE-2005-2308

Microsoft Internet Explorer - Denial of Service via Crafted JPEG Images

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-2308. PoCs published by Michal Zalewski.

AI-analyzed exploit summary The provided content is a vulnerability description for CVE-2005-2308, detailing a DoS vulnerability in Microsoft Internet Explorer's JPEG image rendering library. It references external resources (images) but does not contain executable exploit code.

Description

The JPEG decoder in Microsoft Internet Explorer allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via certain crafted JPEG images, as demonstrated using (1) mov_fencepost.jpg, (2) cmp_fencepost.jpg, (3) oom_dos.jpg, or (4) random.jpg.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Michal Zalewski · textdoswindows
https://www.exploit-db.com/exploits/25992

The provided content is a vulnerability description for CVE-2005-2308, detailing a DoS vulnerability in Microsoft Internet Explorer's JPEG image rendering library. It references external resources (images) but does not contain executable exploit code.

Classification
Writeup 90%
Attack Type
Dos
Complexity
Theoretical
Reliability
Theoretical
Target: Microsoft Internet Explorer (unspecified version)
No auth needed
Prerequisites: Victim must open a maliciously crafted JPEG image in Internet Explorer
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/14285
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/14286
Exploit x_refsource_misc
http://lcamtuf.coredump.cx/crash
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/14284
Exploit mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/405298

Scores

EPSS 0.1742
EPSS Percentile 96.7%

Details

Status published
Products (1)
microsoft/ie 6.0 sp2
Published Jul 19, 2005
Tracked Since Feb 18, 2026