10

CVE-2004-0549

EPSS 71.7%
Veröffentlicht 06.08.2004 04:00:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or (2) modifying the location attribute of the window, as exploited by the Download.ject (aka Scob aka Toofer) using the ADODB.Stream object.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 19

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Internet Explorer

Microsoft ≫ Internet Explorer Version5.01

Microsoft ≫ Internet Explorer Version5.5

Microsoft ≫ Internet Explorer Version6.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	71.7%	0.987

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

http://www.us-cert.gov/cas/techalerts/TA04-212A.html

US Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-025

http://62.131.86.111/analysis.htm

http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0031.html

http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0104.html

http://marc.info/?l=bugtraq&m=108786396622284&w=2

http://marc.info/?l=bugtraq&m=108852642021426&w=2

http://umbrella.name/originalvuln/msie/InsiderPrototype/

http://www.kb.cert.org/vuls/id/713878

US Government Resource

http://www.us-cert.gov/cas/techalerts/TA04-163A.html

Patch

Third Party Advisory

US Government Resource

http://www.us-cert.gov/cas/techalerts/TA04-184A.html

US Government Resource

https://exchange.xforce.ibmcloud.com/vulnerabilities/16348

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1133

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A207

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A241

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A519

https://nvd.nist.gov/vuln/detail/CVE-2004-0549

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2004-0549

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2004-0549

EUVD