Back to search
CVE-2004-1043
Published: Dec 31, 2004
Modified: Aug 8, 2024
PUBLISHED
Description
Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control (hhctrl.ocx) to open a Help popup window containing the PCHealth tools.htm file in the local zone and injecting Javascript to be executed, as demonstrated using "writehta.txt" and the ADODB recordset, which saves a .HTA file to the local system, aka the "HTML Help ActiveX control Cross Domain Vulnerability."
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
oval:org.mitre.oval:def:1349
vdb-entry
signature
x_refsource_OVAL
oval:org.mitre.oval:def:1963
vdb-entry
signature
x_refsource_OVAL
VU#972415
third-party-advisory
x_refsource_CERT-VN
ie-helpactivexcontrol-save-file(18311)
vdb-entry
x_refsource_XF
20041225 Microsoft Internet Explorer SP2 Fully Automated Remote Compromise
mailing-list
x_refsource_BUGTRAQ
oval:org.mitre.oval:def:2830
vdb-entry
signature
x_refsource_OVAL
MS05-001
vendor-advisory
x_refsource_MS
TA05-012B
third-party-advisory
x_refsource_CERT
oval:org.mitre.oval:def:3496
vdb-entry
signature
x_refsource_OVAL
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now