Skip navigation

Multiple Vulnerabilities in IE

Multiple Vulnerabilities in IE

Reported August 9, 2005 by Microsoft


Windows 98
Windows Me
Windows 2000
Windows XP
Windows Server 2003


Due to a flaw in the way Microsoft Internet Explorer (IE) processes JPEG images, an intruder could launch remote code that might allow him or her to take complete control of the system.

A cross-domain vulnerability with Web Folders could allow a remote intruder to perform a variety of actions, including creating new user accounts, installing programs, or manipulating system data, which might allow the intruder to take complete control of the system.

Due to the way IE tries to instantiate COM objects, memory corruption might occur, which could allow an intruder to take complete control of the system.


Microsoft released Security Bulletin MS05-038, "Cumulative Security Update for Internet Explorer (896727)," and a cumulative update for IE. The update contains all patches released since Microsoft Security Bulletin MS04-004 (February 2, 2004).


Bernhard Mueller and Martin Eiszner of SEC Consult and the NSFOCUS Security Team reported the vulnerabilities with COM objects.

TAGS: Security
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.