| Vulnerability Name: | CVE-2004-1043 (CCN-18311) | ||||||||||||||||||||
| Assigned: | 2004-11-27 | ||||||||||||||||||||
| Published: | 2004-11-27 | ||||||||||||||||||||
| Updated: | 2021-07-23 | ||||||||||||||||||||
| Summary: | Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control (hhctrl.ocx) to open a Help popup window containing the PCHealth tools.htm file in the local zone and injecting Javascript to be executed, as demonstrated using "writehta.txt" and the ADODB recordset, which saves a .HTA file to the local system, aka the "HTML Help ActiveX control Cross Domain Vulnerability." | ||||||||||||||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||||||||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N) 3.9 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C)
3.9 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C)
| ||||||||||||||||||||
| Vulnerability Type: | CWE-Other | ||||||||||||||||||||
| Vulnerability Consequences: | Bypass Security | ||||||||||||||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Sat Nov 27 2004 - 17:22:48 CST Microsoft Help ActiveX Control Related Topics Local Content Accessing Vulnerability Source: BUGTRAQ Type: UNKNOWN 20041225 Microsoft Internet Explorer SP2 Fully Automated Remote Compromise Source: CCN Type: BugTraq Mailing List, Sat Dec 25 2004 - 14:31:25 CST Microsoft Internet Explorer SP2 Fully Automated Remote Compromise Source: MITRE Type: CNA CVE-2004-1043 Source: CCN Type: ASA-2005-004 Windows Security Updates for December 2004 - (MS05-001 - MS05-003) Source: CCN Type: CIAC Information Bulletin P-093 HTML Help ActiveX Control Cross Domain Vulnerability Source: CCN Type: US-CERT VU#972415 Microsoft Windows HTML Help ActiveX control does not adequately validate window source Source: CERT-VN Type: Third Party Advisory, US Government Resource VU#972415 Source: CCN Type: Microsoft Security Bulletin MS05-001 Vulnerability in HTML Help Could Allow Code Execution (890175) Source: CCN Type: Microsoft Security Bulletin MS05-026 Vulnerability in HTML Help Could Allow Remote Code Execution (896358) Source: CCN Type: Microsoft Security Bulletin MS06-046 Vulnerability in HTML Help Could Allow Remote Code Execution (922616) Source: CCN Type: Microsoft Security Bulletin MS07-008 Vulnerability in HTML Help ActiveX Control Could Allow Remote Code Execution (928843) Source: CCN Type: Microsoft Corporation Web site Home Page for Windows XP Home Edition Source: CCN Type: BID-11770 Microsoft Internet Explorer Drag and Drop Vulnerability Source: CCN Type: Technical Cyber Security Alert TA05-012B Microsoft Windows HTML Help ActiveX Contol Cross-Domain Vulnerability Source: CERT Type: Third Party Advisory, US Government Resource TA05-012B Source: MS Type: UNKNOWN MS05-001 Source: XF Type: UNKNOWN ie-helpactivexcontrol-save-file(18311) Source: XF Type: UNKNOWN ie-helpactivexcontrol-save-file(18311) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1349 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1963 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:2830 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:3496 Source: CCN Type: Packet Storm Security [06-26-2018] Microsoft Internet Explorer HTML Help Control 4.74 Bypass | ||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||
| |||||||||||||||||||||
| BACK | |||||||||||||||||||||