CVE-2005-2087

Name of the Vulnerable Software and Affected Versions: Internet Explorer versions 5.01 SP4 through 6

Description: The issue allows remote attackers to cause a denial of service, potentially leading to application crashes, and may also enable the execution of arbitrary code. This can be achieved through a web page containing embedded CLSIDs that reference specific COM objects not classified as ActiveX controls. An example of exploitation involves the use of the JVIEW Profiler (Javaprxy.dll).

Recommendations: For Internet Explorer versions 5.01 SP4 through 6, consider disabling the use of COM objects that are not ActiveX controls as a temporary mitigation measure until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.