ID CVE-2004-0549
Summary The WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or (2) modifying the location attribute of the window, as exploited by the Download.ject (aka Scob aka Toofer) using the ADODB.Stream object.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:ie:*:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:*:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.01:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.01:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 12-10-2018 - 21:34)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
oval via4
  • accepted 2014-02-24T04:00:08.969-05:00
    class vulnerability
    contributors
    • name Tiffany Bergeron
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description The WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or (2) modifying the location attribute of the window, as exploited by the Download.ject (aka Scob aka Toofer) using the ADODB.Stream object.
    family windows
    id oval:org.mitre.oval:def:1133
    status accepted
    submitted 2004-07-30T12:00:00.000-04:00
    title Scob and Toofer Internet Explorer v6.0,SP1 Vulnerabilities
    version 68
  • accepted 2014-02-24T04:00:31.742-05:00
    class vulnerability
    contributors
    • name Tiffany Bergeron
      organization The MITRE Corporation
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description The WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or (2) modifying the location attribute of the window, as exploited by the Download.ject (aka Scob aka Toofer) using the ADODB.Stream object.
    family windows
    id oval:org.mitre.oval:def:207
    status accepted
    submitted 2004-07-30T12:00:00.000-04:00
    title Scob and Toofer Internet Explorer v6.0,SP1 for Server 2003 Vulnerabilities
    version 69
  • accepted 2014-02-24T04:03:12.690-05:00
    class vulnerability
    contributors
    • name Tiffany Bergeron
      organization The MITRE Corporation
    • name Maria Mikhno
      organization ALTX-SOFT
    description The WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or (2) modifying the location attribute of the window, as exploited by the Download.ject (aka Scob aka Toofer) using the ADODB.Stream object.
    family windows
    id oval:org.mitre.oval:def:241
    status accepted
    submitted 2004-07-30T12:00:00.000-04:00
    title Scob and Toofer Internet Explorer v5.5,SP2 Vulnerabilities
    version 66
  • accepted 2014-02-24T04:03:21.607-05:00
    class vulnerability
    contributors
    • name Tiffany Bergeron
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Maria Mikhno
      organization ALTX-SOFT
    description The WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or (2) modifying the location attribute of the window, as exploited by the Download.ject (aka Scob aka Toofer) using the ADODB.Stream object.
    family windows
    id oval:org.mitre.oval:def:519
    status accepted
    submitted 2004-07-30T04:00:00.000-04:00
    title Scob and Toofer Internet Explorer v6.0 Vulnerabilities
    version 67
refmap via4
bugtraq
  • 20040621 IE/0DAY -> Insider Prototype
  • 20040628 JS.Scob.Trojan Source Code ...
cert
  • TA04-163A
  • TA04-184A
  • TA04-212A
cert-vn VU#713878
fulldisc
  • 20040602 180 Solutions Exploits and Toolbars Hacking Patched Users(I.E Exploits)
  • 20040606 Internet explorer 6 execution of arbitrary code (An analysis of the 180 Solutions Trojan)
misc
xf ie-location-restriction-bypass(16348)
Last major update 12-10-2018 - 21:34
Published 06-08-2004 - 04:00
Last modified 12-10-2018 - 21:34
Back to Top