CVE-2004-0549

critical Microsoft
CVSS v3 Base Score
10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS Score
69.0%
Exploitation probability in 30 days
Top 1% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Confidentiality
C
Integrity
C
Availability
C
Published: August 6, 2004 (7951 days ago)
Last Modified: April 16, 2026
Vendor: Microsoft
Source: NVD

Description

The WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or (2) modifying the location attribute of the window, as exploited by the Download.ject (aka Scob aka Toofer) using the ADODB.Stream object.

CWE

NVD-CWE-Other

Affected Products

microsoft internet explorer

References

🔗 62.131.86.111 🔗 archives.neohapsis.com 🔗 archives.neohapsis.com 🔗 marc.info 🔗 marc.info