Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0838


Vulnerability Score 7.5 7.5
CVE Id CVE-2003-0838
Last Modified 10 Sep 2008 03:20:38
Published 17 Nov 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



Internet Explorer allows remote attackers to bypass zone restrictions to inject and execute arbitrary programs by creating a popup window and inserting ActiveX object code with a "data" tag pointing to the malicious code, which Internet Explorer treats as HTML or Javascript, but later executes as an HTA application, a different vulnerability than CVE-2003-0532, and as exploited using the QHosts Trojan horse (aka Trojan.Qhosts, QHosts-1, VBS.QHOSTS, or aolfix.exe).

Vulnerable Systems


  • Microsoft Ie 5.0.1

  • Microsoft Ie 5.5

  • Microsoft Ie 6.0


MS - MS03-040


BUGTRAQ - 20030907 BAD NEWS: Microsoft Security Bulletin MS03-032

XF - ie-popup-code-execution(13314)

BID - 8556

OSVDB - 7872

NTBUGTRAQ - 20031001 DNS/Hosts file issues

BUGTRAQ - 20030908 Temporary Fix for IE Zero Day Malware RE: BAD NEWS: Microsoft Security Bulletin MS03-032

Last Updated: 27 May 2016 10:38:04