ID CVE-2004-1043
Summary Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control (hhctrl.ocx) to open a Help popup window containing the PCHealth tools.htm file in the local zone and injecting Javascript to be executed, as demonstrated using "writehta.txt" and the ADODB recordset, which saves a .HTA file to the local system, aka the "HTML Help ActiveX control Cross Domain Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*
CVSS
Base: 5.0 (as of 12-10-2018 - 21:35)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
oval via4
  • accepted 2005-06-01T03:30:00.000-04:00
    class vulnerability
    contributors
    name Matthew Burton
    organization The MITRE Corporation
    description Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control (hhctrl.ocx) to open a Help popup window containing the PCHealth tools.htm file in the local zone and injecting Javascript to be executed, as demonstrated using "writehta.txt" and the ADODB recordset, which saves a .HTA file to the local system, aka the "HTML Help ActiveX control Cross Domain Vulnerability."
    family windows
    id oval:org.mitre.oval:def:1349
    status accepted
    submitted 2005-03-30T12:00:00.000-04:00
    title Server 2003 IE HTML Help ActiveX control Cross Domain Vulnerability
    version 63
  • accepted 2011-05-16T04:02:10.588-04:00
    class vulnerability
    contributors
    • name Matthew Burton
      organization The MITRE Corporation
    • name Brendan Miles
      organization The MITRE Corporation
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control (hhctrl.ocx) to open a Help popup window containing the PCHealth tools.htm file in the local zone and injecting Javascript to be executed, as demonstrated using "writehta.txt" and the ADODB recordset, which saves a .HTA file to the local system, aka the "HTML Help ActiveX control Cross Domain Vulnerability."
    family windows
    id oval:org.mitre.oval:def:1963
    status accepted
    submitted 2005-03-30T12:00:00.000-04:00
    title Windows XP IE HTML Help ActiveX control Cross Domain Vulnerability
    version 69
  • accepted 2005-05-04T12:33:00.000-04:00
    class vulnerability
    contributors
    • name Matthew Burton
      organization The MITRE Corporation
    • name Matthew Burton
      organization The MITRE Corporation
    • name Matthew Burton
      organization The MITRE Corporation
    description Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control (hhctrl.ocx) to open a Help popup window containing the PCHealth tools.htm file in the local zone and injecting Javascript to be executed, as demonstrated using "writehta.txt" and the ADODB recordset, which saves a .HTA file to the local system, aka the "HTML Help ActiveX control Cross Domain Vulnerability."
    family windows
    id oval:org.mitre.oval:def:2830
    status accepted
    submitted 2005-02-10T12:00:00.000-04:00
    title Windows 2000 IE HTML Help ActiveX control Cross Domain Vulnerability
    version 63
  • accepted 2008-03-24T04:00:29.486-04:00
    class vulnerability
    contributors
    • name Matthew Burton
      organization The MITRE Corporation
    • name John Hoyland
      organization Centennial Software
    • name Jonathan Baker
      organization The MITRE Corporation
    definition_extensions
    comment Microsoft Windows NT is installed
    oval oval:org.mitre.oval:def:36
    description Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control (hhctrl.ocx) to open a Help popup window containing the PCHealth tools.htm file in the local zone and injecting Javascript to be executed, as demonstrated using "writehta.txt" and the ADODB recordset, which saves a .HTA file to the local system, aka the "HTML Help ActiveX control Cross Domain Vulnerability."
    family windows
    id oval:org.mitre.oval:def:3496
    status accepted
    submitted 2005-03-30T12:00:00.000-04:00
    title Windows NT IE HTML Help ActiveX control Cross Domain Vulnerability
    version 69
refmap via4
bugtraq 20041225 Microsoft Internet Explorer SP2 Fully Automated Remote Compromise
cert TA05-012B
cert-vn VU#972415
ms MS05-001
xf ie-helpactivexcontrol-save-file(18311)
Last major update 12-10-2018 - 21:35
Published 31-12-2004 - 05:00
Back to Top