Executive Summary

Summary
Title A COM Object (Javaprxy.dll) Could Cause Internet Explorer to Unexpectedly Exit
Informations
Name KB903144 First vendor Publication 2005-06-30
Vendor Microsoft Last vendor Modification 2005-07-12
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Microsoft has completed the investigation into a public report of a vulnerability affecting Internet Explorer. We have issued a security bulletin to address this issue. For more information about this issue, including download links for an available security update, please review the security bulletin.

Original Source

Url : http://www.microsoft.com/technet/security/advisory/903144.mspx

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-399 Resource Management Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:1326
 
Oval ID: oval:org.mitre.oval:def:1326
Title: IE5.01,SP4 Java Proxy COM Object Instantiation Memory Corruption Vulnerability
Description: Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, as demonstrated using the JVIEW Profiler (Javaprxy.dll). NOTE: the researcher says that the vendor could not reproduce this problem.
Family: windows Class: vulnerability
Reference(s): CVE-2005-2087
Version: 5
Platform(s): Microsoft Windows 98
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Product(s): Microsoft Internet Explorer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:1506
 
Oval ID: oval:org.mitre.oval:def:1506
Title: IE6,SP1 Java Proxy COM Object Instantiation Memory Corruption Vulnerability
Description: Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, as demonstrated using the JVIEW Profiler (Javaprxy.dll). NOTE: the researcher says that the vendor could not reproduce this problem.
Family: windows Class: vulnerability
Reference(s): CVE-2005-2087
Version: 4
Platform(s): Microsoft Windows XP
Product(s): Microsoft Internet Explorer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:1518
 
Oval ID: oval:org.mitre.oval:def:1518
Title: IE6:S03 Java Proxy COM Object Instantiation Memory Corruption Vulnerability
Description: Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, as demonstrated using the JVIEW Profiler (Javaprxy.dll). NOTE: the researcher says that the vendor could not reproduce this problem.
Family: windows Class: vulnerability
Reference(s): CVE-2005-2087
Version: 7
Platform(s): Microsoft Windows Server 2003
Product(s): Microsoft Internet Explorer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:793
 
Oval ID: oval:org.mitre.oval:def:793
Title: IE6:XP,SP2 Java Proxy COM Object Instantiation Memory Corruption Vulnerability
Description: Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, as demonstrated using the JVIEW Profiler (Javaprxy.dll). NOTE: the researcher says that the vendor could not reproduce this problem.
Family: windows Class: vulnerability
Reference(s): CVE-2005-2087
Version: 3
Platform(s): Microsoft Windows XP
Product(s): Microsoft Internet Explorer
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 3
Application 8

SAINT Exploits

Description Link
Internet Explorer Javaprxy.dll heap overflow More info here

ExploitDB Exploits

id Description
2005-07-05 MS Internet Explorer (javaprxy.dll) COM Object Remote Exploit

Open Source Vulnerability Database (OSVDB)

Id Description
17680 Microsoft IE JVIEW javaprxy.dll Memory Manipulation Arbitrary Code Execution

Snort® IPS/IDS

Date Description
2014-01-10 javaprxy.dll ActiveX clsid unicode access
RuleID : 9628 - Revision : 7 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer javaprxy.dll COM access
RuleID : 3814 - Revision : 19 - Type : BROWSER-IE

Nessus® Vulnerability Scanner

Date Description
2005-07-12 Name : Arbitrary code can be executed on the remote host through the web client.
File : smb_nt_ms05-037.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2016-06-28 20:08:56
  • Multiple Updates