10

CVE-2004-0549

EPSS 71.7%
Published 06.08.2004 04:00:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

The WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or (2) modifying the location attribute of the window, as exploited by the Download.ject (aka Scob aka Toofer) using the ADODB.Stream object.

Affected products Warnungen 0 Metrics 2 CWE 0 References 19

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Internet Explorer

Microsoft ≫ Internet Explorer Version5.01

Microsoft ≫ Internet Explorer Version5.5

Microsoft ≫ Internet Explorer Version6.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	71.7%	0.987

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

http://www.us-cert.gov/cas/techalerts/TA04-212A.html

US Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-025

http://62.131.86.111/analysis.htm

http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0031.html

http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0104.html

http://marc.info/?l=bugtraq&m=108786396622284&w=2

http://marc.info/?l=bugtraq&m=108852642021426&w=2

http://umbrella.name/originalvuln/msie/InsiderPrototype/

http://www.kb.cert.org/vuls/id/713878

US Government Resource

http://www.us-cert.gov/cas/techalerts/TA04-163A.html

Patch

Third Party Advisory

US Government Resource

http://www.us-cert.gov/cas/techalerts/TA04-184A.html

US Government Resource

https://exchange.xforce.ibmcloud.com/vulnerabilities/16348

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1133

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A207

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A241

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A519

https://nvd.nist.gov/vuln/detail/CVE-2004-0549

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2004-0549

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2004-0549

EUVD