Overview
The Microsoft Internet Explorer HTML Help ActiveX control is not restricted by the Local Machine Zone Lockdown feature. This can allow an attacker to execute script in the Local Machine Zone.
Description
Windows XP SP2 introduces a feature called Local Machine Zone Lockdown. This feature places restrictions on what actions an HTML document can perform when it resides in the Local Machine Zone. For example, Active scripting and ActiveX controls are disabled for Internet Explorer in the Local Machine Zone. The HTML Help ActiveX control (Hhctrl.ocx) is not restricted by the Local Machine Zone Lockdown. This means that the HTML Help control can be used to perform various actions, such as executing script, in the Local Machine Zone.
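As an added audit script (not part of this note, and not a substitute for the vendor update), the following PowerShell reports whether the HTML Help control is blocked from loading in Internet Explorer and whether Local Machine Zone Lockdown is enabled for iexplore.exe. It assumes the HTML Help control's CLSID {ADB880A6-D8FF-11CF-9377-00AA003B7A11}, the standard ActiveX Compatibility "kill bit" (0x400 in Compatibility Flags) and the FEATURE_LOCALMACHINE_LOCKDOWN feature-control key, none of which appear in the note itself.

```powershell
# Added audit script; the CLSID, kill-bit flag and feature-control key below
# are assumptions about standard Internet Explorer registry locations.
$HhctrlClsid  = '{ADB880A6-D8FF-11CF-9377-00AA003B7A11}'
$KillBitPath  = "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$HhctrlClsid"
$LockdownPath = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN'
$HhctrlFile   = Join-Path $env:SystemRoot 'system32\hhctrl.ocx'

# True when the ActiveX Compatibility kill bit (0x400) is set for the control,
# which stops Internet Explorer from instantiating it regardless of zone.
function Test-HhctrlKillBit {
    $props = Get-ItemProperty -Path $KillBitPath -ErrorAction SilentlyContinue
    if ($null -eq $props) { return $false }
    $flags = [int]$props.'Compatibility Flags'
    return (($flags -band 0x400) -ne 0)
}

# True when Local Machine Zone Lockdown is switched on for iexplore.exe.
function Test-LmzLockdownEnabled {
    $props = Get-ItemProperty -Path $LockdownPath -ErrorAction SilentlyContinue
    if ($null -eq $props) { return $false }
    return ([int]$props.'iexplore.exe' -eq 1)
}

# File version of the installed control, to compare against the vendor's
# update; this note does not state a fixed version, so none is hard-coded.
function Get-HhctrlVersion {
    $item = Get-Item -Path $HhctrlFile -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'hhctrl.ocx not found' }
    return $item.VersionInfo.FileVersion
}

[pscustomobject]@{
    HhctrlVersion      = Get-HhctrlVersion
    HhctrlKillBitSet   = Test-HhctrlKillBit
    LmzLockdownEnabled = Test-LmzLockdownEnabled
} | Format-List
```

A host reporting LmzLockdownEnabled = True but HhctrlKillBitSet = False is still exposed to the behaviour this note describes until the vendor update is applied.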
Impact
By convincing a user to view an HTML document (e.g., a web page or HTML email message), an attacker could cause arbitrary script to execute in the Local Machine Zone. Depending on the patch level of the target machine, it may be possible for the script to download and execute arbitrary code.
Solution
Install the vendor-supplied update.
Vendor Information
CVSS Metrics
Group | Score | Vector
---|---|---
Base | |
Temporal | |
Environmental | |
References
- http://msdn.microsoft.com/security/productinfo/xpsp2/securebrowsing/locallockdown.aspx
- http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2brows.mspx#EHAA
- http://msdn.microsoft.com/library/default.asp?url=/library/en-us/htmlhelp/html/vsconocxov.asp
- http://www.securityfocus.com/archive/1/378885
- http://www.securitytracker.com/alerts/2004/Nov/1012342.html
- http://xforce.iss.net/xforce/xfdb/17824
Acknowledgements
This vulnerability was publicly reported by http-equiv.
This document was written by Will Dormann.
Other Information
CVE IDs: CVE-2004-0985
Severity Metric: 36.00
Date Public: 2004-10-20
Date First Published: 2004-12-22
Date Last Updated: 2005-07-19 22:25 UTC
Document Revision: 11