Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1043


Vulnerability Score 5.0 5.0
CVE Id CVE-2004-1043
Last Modified 10 Sep 2008 03:28:49
Published 31 Dec 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control (hhctrl.ocx) to open a Help popup window containing the PCHealth tools.htm file in the local zone and injecting Javascript to be executed, as demonstrated using "writehta.txt" and the ADODB recordset, which saves a .HTA file to the local system, aka the "HTML Help ActiveX control Cross Domain Vulnerability."

Vulnerable Systems

Operating System

  • Microsoft Windows Xp


  • Microsoft Ie 6.0


CERT - TA05-012B

CERT-VN - VU#972415

XF - ie-helpactivexcontrol-save-file(18311)

MS - MS05-001

BUGTRAQ - 20041225 Microsoft Internet Explorer SP2 Fully Automated Remote Compromise

Last Updated: 27 May 2016 10:38:52