Vulnerability Description
Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control (hhctrl.ocx) to open a Help popup window containing the PCHealth tools.htm file in the local zone and injecting Javascript to be executed, as demonstrated using "writehta.txt" and the ADODB recordset, which saves a .HTA file to the local system, aka the "HTML Help ActiveX control Cross Domain Vulnerability."
CVSS Score
5.0 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Internet Explorer | 6.0 |
| Microsoft | Windows XP | All versions |
References
- http://archives.neohapsis.com/archives/bugtraq/2004-12/0426.html
- http://www.kb.cert.org/vuls/id/972415 (Third Party Advisory, US Government Resource)
- http://www.us-cert.gov/cas/techalerts/TA05-012B.html (Third Party Advisory, US Government Resource)
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-00
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18311
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2004-1043?
CVE-2004-1043 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control (hhctrl.ocx) to open a Help popup window con...
How severe is CVE-2004-1043?
CVE-2004-1043 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2004-1043?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Internet Explorer, Microsoft Windows XP.