Vulnerabilities > CVE-2004-0549 - Unspecified vulnerability in Microsoft Internet Explorer 5.01/5.5/6.0

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
microsoft
critical
exploit available
NVD
Published: 2004-08-06
Updated: 2021-07-23

Summary

The WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or (2) modifying the location attribute of the window, as exploited by the Download.ject (aka Scob aka Toofer) using the ADODB.Stream object.

Vulnerable Configurations

Part Description Count
Application
Microsoft
4

Exploit-Db

descriptionMS Internet Explorer Remote Wscript.Shell Exploit. CVE-2004-0549. Remote exploit for windows platform
idEDB-ID:316
last seen2016-01-31
modified2004-07-13
published2004-07-13
reporterFerruh Mavituna
sourcehttps://www.exploit-db.com/download/316/
titleMicrosoft Internet Explorer Remote Wscript.Shell Exploit

Oval

  • accepted2014-02-24T04:00:08.969-05:00
    classvulnerability
    contributors
    • nameTiffany Bergeron
      organizationThe MITRE Corporation
    • nameChristine Walzer
      organizationThe MITRE Corporation
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameMaria Mikhno
      organizationALTX-SOFT
    descriptionThe WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or (2) modifying the location attribute of the window, as exploited by the Download.ject (aka Scob aka Toofer) using the ADODB.Stream object.
    familywindows
    idoval:org.mitre.oval:def:1133
    statusaccepted
    submitted2004-07-30T12:00:00.000-04:00
    titleScob and Toofer Internet Explorer v6.0,SP1 Vulnerabilities
    version68
  • accepted2014-02-24T04:00:31.742-05:00
    classvulnerability
    contributors
    • nameTiffany Bergeron
      organizationThe MITRE Corporation
    • nameHarvey Rubinovitz
      organizationThe MITRE Corporation
    • nameChristine Walzer
      organizationThe MITRE Corporation
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameMaria Mikhno
      organizationALTX-SOFT
    descriptionThe WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or (2) modifying the location attribute of the window, as exploited by the Download.ject (aka Scob aka Toofer) using the ADODB.Stream object.
    familywindows
    idoval:org.mitre.oval:def:207
    statusaccepted
    submitted2004-07-30T12:00:00.000-04:00
    titleScob and Toofer Internet Explorer v6.0,SP1 for Server 2003 Vulnerabilities
    version69
  • accepted2014-02-24T04:03:12.690-05:00
    classvulnerability
    contributors
    • nameTiffany Bergeron
      organizationThe MITRE Corporation
    • nameMaria Mikhno
      organizationALTX-SOFT
    descriptionThe WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or (2) modifying the location attribute of the window, as exploited by the Download.ject (aka Scob aka Toofer) using the ADODB.Stream object.
    familywindows
    idoval:org.mitre.oval:def:241
    statusaccepted
    submitted2004-07-30T12:00:00.000-04:00
    titleScob and Toofer Internet Explorer v5.5,SP2 Vulnerabilities
    version66
  • accepted2014-02-24T04:03:21.607-05:00
    classvulnerability
    contributors
    • nameTiffany Bergeron
      organizationThe MITRE Corporation
    • nameChristine Walzer
      organizationThe MITRE Corporation
    • nameChristine Walzer
      organizationThe MITRE Corporation
    • nameMaria Mikhno
      organizationALTX-SOFT
    descriptionThe WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or (2) modifying the location attribute of the window, as exploited by the Download.ject (aka Scob aka Toofer) using the ADODB.Stream object.
    familywindows
    idoval:org.mitre.oval:def:519
    statusaccepted
    submitted2004-07-30T04:00:00.000-04:00
    titleScob and Toofer Internet Explorer v6.0 Vulnerabilities
    version67

References