CVE-2005-1990

CVE Database · CVE-2005-1990

CVE-2005-1990

· N/AModified

CVSS v3.1

N/A

EPSS

48.51%

Published

Aug 10, 2005

Modified

Apr 15, 2026

Public PoC / Exploit (2)

All weaponized →

Exploit-DBMicrosoft Internet Explorer - 'blnmgr.dll' COM Object Remote (MS05-038)TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, including (1) devenum.dll, (2) diactfrm.dll, (3) wmm2filt.dll, (4) fsusd.dll, (5) dmdskmgr.dll, (6) browsewm.dll, (7) browseui.dll, (8) shell32.dll, (9) mshtml.dll, (10) inetcfg.dll, (11) infosoft.dll, (12) query.dll, (13) syncui.dll, (14) clbcatex.dll, (15) clbcatq.dll, (16) comsvcs.dll, and (17) msconf.dll, which causes memory corruption, aka "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2087.

Affected Products (3)

microsoft · ievulnerable

microsoft · internet_explorervulnerable

References (20)

http://secunia.com/advisories/16373/

PatchVendor Advisory

http://securitytracker.com/id?1014643

http://www.kb.cert.org/vuls/id/959049

US Government Resource

http://www.securityfocus.com/bid/14511

http://www.us-cert.gov/cas/techalerts/TA05-221A.html

PatchUS Government Resource

http://www.vupen.com/english/advisories/2005/1353

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-038

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100082

KEV Catalog EPSS Scores Vendors All CVEs