Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2004-1043
Last Modified: 10 Sep 2008 03:28:49
Published: 31 Dec 2004 12:00:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2004-1043

Summary

Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control (hhctrl.ocx) to open a Help popup window containing the PCHealth tools.htm file in the local zone and injecting JavaScript to be executed, as demonstrated using "writehta.txt" and the ADODB recordset, which saves a .HTA file to the local system, aka the "HTML Help ActiveX control Cross Domain Vulnerability."

Vulnerable Systems

Operating System

  • Microsoft Windows XP

Application

  • Microsoft IE 6.0


References

CERT - TA05-012B

CERT-VN - VU#972415

XF - ie-helpactivexcontrol-save-file(18311)

MS - MS05-001

BUGTRAQ - 20041225 Microsoft Internet Explorer SP2 Fully Automated Remote Compromise


Last Updated: 27 May 2016 10:38:52