CVE-2004-1043

Microsoft Internet Explorer (Windows XP SP2) - HTML Help Control Local Zone Bypass

Severity Score

7.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control (hhctrl.ocx) to open a Help popup window containing the PCHealth tools.htm file in the local zone and injecting Javascript to be executed, as demonstrated using "writehta.txt" and the ADODB recordset, which saves a .HTA file to the local system, aka the "HTML Help ActiveX control Cross Domain Vulnerability."

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2004-11-17 CVE Reserved
2004-12-25 First Exploit
2004-12-31 CVE Published
2024-08-08 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CAPEC

References (11)

URL	Tag	Source
http://archives.neohapsis.com/archives/bugtraq/2004-12/0426.html	Mailing List
http://www.kb.cert.org/vuls/id/972415	Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA05-012B.html	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/18311	Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1349	Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1963	Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2830	Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3496	Signature

URL	Date	SRC
https://packetstorm.news/files/id/148307	2018-06-26
https://www.exploit-db.com/exploits/719	2004-12-25

URL	Date	SRC

URL	Date	SRC
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-001	2021-07-23

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Microsoft Search vendor "Microsoft"		Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"				6.0 Search vendor "Microsoft" for product "Internet Explorer" and version "6.0"		-		Affected
Microsoft Search vendor "Microsoft"		Windows Xp Search vendor "Microsoft" for product "Windows Xp"				*		sp2, tablet_pc		Affected