ID CVE-2004-0549
Summary The WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or (2) modifying the location attribute of the window, as exploited by the Download.ject (aka Scob aka Toofer) using the ADODB.Stream object.
Vulnerable Configurations
  • Microsoft Internet Explorer
    cpe:2.3:a:microsoft:ie
  • Microsoft Internet Explorer 5.01
    cpe:2.3:a:microsoft:ie:5.01
  • Microsoft ie 5.5
    cpe:2.3:a:microsoft:ie:5.5
  • Microsoft Internet Explorer 6.0
    cpe:2.3:a:microsoft:ie:6.0
CVSS
Base: 10.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE
  • Availability: COMPLETE
exploit-db via4
description MS Internet Explorer Remote Wscript.Shell Exploit. CVE-2004-0549. Remote exploit for windows platform
id EDB-ID:316
last seen 2016-01-31
modified 2004-07-13
published 2004-07-13
reporter Ferruh Mavituna
source https://www.exploit-db.com/download/316/
title Microsoft Internet Explorer Remote Wscript.Shell Exploit
oval via4
  • accepted 2014-02-24T04:00:08.969-05:00
    class vulnerability
    contributors
    • name Tiffany Bergeron
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description The WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or (2) modifying the location attribute of the window, as exploited by the Download.ject (aka Scob aka Toofer) using the ADODB.Stream object.
    family windows
    id oval:org.mitre.oval:def:1133
    status accepted
    submitted 2004-07-30T12:00:00.000-04:00
    title Scob and Toofer Internet Explorer v6.0,SP1 Vulnerabilities
    version 67
  • accepted 2014-02-24T04:00:31.742-05:00
    class vulnerability
    contributors
    • name Tiffany Bergeron
      organization The MITRE Corporation
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description The WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or (2) modifying the location attribute of the window, as exploited by the Download.ject (aka Scob aka Toofer) using the ADODB.Stream object.
    family windows
    id oval:org.mitre.oval:def:207
    status accepted
    submitted 2004-07-30T12:00:00.000-04:00
    title Scob and Toofer Internet Explorer v6.0,SP1 for Server 2003 Vulnerabilities
    version 68
  • accepted 2014-02-24T04:03:12.690-05:00
    class vulnerability
    contributors
    • name Tiffany Bergeron
      organization The MITRE Corporation
    • name Maria Mikhno
      organization ALTX-SOFT
    description The WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or (2) modifying the location attribute of the window, as exploited by the Download.ject (aka Scob aka Toofer) using the ADODB.Stream object.
    family windows
    id oval:org.mitre.oval:def:241
    status accepted
    submitted 2004-07-30T12:00:00.000-04:00
    title Scob and Toofer Internet Explorer v5.5,SP2 Vulnerabilities
    version 65
  • accepted 2014-02-24T04:03:21.607-05:00
    class vulnerability
    contributors
    • name Tiffany Bergeron
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Maria Mikhno
      organization ALTX-SOFT
    description The WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or (2) modifying the location attribute of the window, as exploited by the Download.ject (aka Scob aka Toofer) using the ADODB.Stream object.
    family windows
    id oval:org.mitre.oval:def:519
    status accepted
    submitted 2004-07-30T04:00:00.000-04:00
    title Scob and Toofer Internet Explorer v6.0 Vulnerabilities
    version 66
refmap via4
bugtraq
  • 20040621 IE/0DAY -> Insider Prototype
  • 20040628 JS.Scob.Trojan Source Code ...
cert
  • TA04-163A
  • TA04-184A
  • TA04-212A
cert-vn VU#713878
fulldisc
  • 20040602 180 Solutions Exploits and Toolbars Hacking Patched Users(I.E Exploits)
  • 20040606 Internet explorer 6 execution of arbitrary code (An analysis of the 180 Solutions Trojan)
ms MS04-025
xf ie-location-restriction-bypass(16348)
Last major update 17-10-2016 - 22:46
Published 06-08-2004 - 00:00
Last modified 12-10-2018 - 17:34