CVE-2005-1990

Name of the Vulnerable Software and Affected Versions Internet Explorer versions 5.0 through 6.0

Description The issue allows remote attackers to cause a denial of service, potentially leading to the execution of arbitrary code, via a web page with embedded CLSIDs referencing certain COM objects. This results in memory corruption due to the instantiation of these COM objects, including those from various DLL files such as devenum.dll, diactfrm.dll, wmm2filt.dll, fsusd.dll, dmdskmgr.dll, browsewm.dll, browseui.dll, shell32.dll, mshtml.dll, inetcfg.dll, infosoft.dll, query.dll, syncui.dll, clbcatex.dll, clbcatq.dll, comsvcs.dll, and msconf.dll.

Recommendations For Internet Explorer versions 5.0 through 6.0, consider disabling the instantiation of COM objects from the mentioned DLL files as a temporary workaround until a patch is available. Restrict access to web pages that could potentially exploit this issue to minimize the risk of memory corruption and arbitrary code execution.