Oval Definition:oval:org.mitre.oval:def:204
Revision Date:2014-02-24Version:45
Title:IE ActiveX Popup Zone Restriction Bypass
Description:Internet Explorer allows remote attackers to bypass zone restrictions to inject and execute arbitrary programs by creating a popup window and inserting ActiveX object code with a "data" tag pointing to the malicious code, which Internet Explorer treats as HTML or Javascript, but later executes as an HTA application, a different vulnerability than CVE-2003-0532, and as exploited using the QHosts Trojan horse (aka Trojan.Qhosts, QHosts-1, VBS.QHOSTS, or aolfix.exe).
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2003-0838
Platform(s):Microsoft Windows 2000
Product(s):
Definition Synopsis
  • Software section
  • Internet Explorer 6.0 or IE 6.0 SP1 is installed
  • Internet Explorer 6 is installed
  • OR Internet Explorer 6 Service Pack 1 is installed
  • AND the version of mshtml.dll is less than 6.0.2800.1264
  • AND NOT the patch q828750 is installed (Installed Components key)
  • AND NOT the patch q824145 is installed (Installed Components key)
  • AND Configuration section
  • ActiveX controls are enabled
  • current user settings are being used and ActiveX controls are enabled
  • NOT use machine settings rather than individual user settings
  • AND ActiveX controls are enabled for the current user
  • OR local machine settings are being used and ActiveX controls are enabled
  • use machine settings rather than individual user settings
  • AND ActiveX controls are enabled for the local machine
  • AND .hta applications are enabled
    • BACK