QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2004-0549

Back to search

CVE-2004-0549

Published: Jun 15, 2004

Modified: Aug 8, 2024

PUBLISHED

Description

The WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or (2) modifying the location attribute of the window, as exploited by the Download.ject (aka Scob aka Toofer) using the ADODB.Stream object.

VendorProductVersions

n/a

n/a

affected
n/a

References

TA04-184A
third-party-advisory
x_refsource_CERT
oval:org.mitre.oval:def:207
vdb-entry
signature
x_refsource_OVAL
TA04-163A
third-party-advisory
x_refsource_CERT
oval:org.mitre.oval:def:1133
vdb-entry
signature
x_refsource_OVAL
VU#713878
third-party-advisory
x_refsource_CERT-VN
20040621 IE/0DAY -> Insider Prototype
mailing-list
x_refsource_BUGTRAQ
MS04-025
vendor-advisory
x_refsource_MS
TA04-212A
third-party-advisory
x_refsource_CERT
20040628 JS.Scob.Trojan Source Code ...
mailing-list
x_refsource_BUGTRAQ
oval:org.mitre.oval:def:519
vdb-entry
signature
x_refsource_OVAL
oval:org.mitre.oval:def:241
vdb-entry
signature
x_refsource_OVAL

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now