CVE-2004-1043
Last modified
CVE-2004-1043 is a vulnerability of currently unknown severity. Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control (hhctrl.ocx) to open a Help popup window containing the PCHealth tools.htm file in the local zone and injecting Javascript to be executed, as demonstrated using "writehta.txt" and the ADODB recordset, which saves a .HTA file to the local system, aka the "HTML Help ActiveX control Cross Domain Vulnerability.". EPSS estimates a 44.98% chance of exploitation in the next 30 days.
Description
Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control (hhctrl.ocx) to open a Help popup window containing the PCHealth tools.htm file in the local zone and injecting Javascript to be executed, as demonstrated using "writehta.txt" and the ADODB recordset, which saves a .HTA file to the local system, aka the "HTML Help ActiveX control Cross Domain Vulnerability."
Metrics
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Microsoft | Internet Explorer | 6.0 | — |
| Microsoft | Windows Xp | All versions | Sp2 |
References
- http://www.kb.cert.org/vuls/id/972415Third Party Advisory, US Government Resource
- http://www.us-cert.gov/cas/techalerts/TA05-012B.htmlThird Party Advisory, US Government Resource
- http://www.kb.cert.org/vuls/id/972415Third Party Advisory, US Government Resource
- http://www.us-cert.gov/cas/techalerts/TA05-012B.htmlThird Party Advisory, US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2004-1043?
How severe is CVE-2004-1043?
How do I fix CVE-2004-1043?
Are you affected by CVE-2004-1043?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST