Executive Summary

Information
Name: MS05-001
First vendor Publication: N/A
Vendor: Microsoft
Last vendor Modification: N/A
Severity (Vendor): N/A
Revision: N/A

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA
 

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS Base Score: 5
Attack Range: Network
CVSS Impact Score: 2.9
Attack Complexity: Low
CVSS Exploit Score: 10
Authentication: None Required

Detail

Vulnerability in HTML Help Could Allow Code Execution (890175)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:1349
 
Oval ID: oval:org.mitre.oval:def:1349
Title: Server 2003 IE HTML Help ActiveX control Cross Domain Vulnerability
Description: Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control (hhctrl.ocx) to open a Help popup window containing the PCHealth tools.htm file in the local zone and injecting Javascript to be executed, as demonstrated using "writehta.txt" and the ADODB recordset, which saves a .HTA file to the local system, aka the "HTML Help ActiveX control Cross Domain Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2004-1043
Version: 1
Platform(s): Microsoft Windows Server 2003
Product(s): HTML Help ActiveX Control
Definition Synopsis:

Definition Id: oval:org.mitre.oval:def:1963
 
Oval ID: oval:org.mitre.oval:def:1963
Title: Windows XP IE HTML Help ActiveX control Cross Domain Vulnerability
Description: Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control (hhctrl.ocx) to open a Help popup window containing the PCHealth tools.htm file in the local zone and injecting Javascript to be executed, as demonstrated using "writehta.txt" and the ADODB recordset, which saves a .HTA file to the local system, aka the "HTML Help ActiveX control Cross Domain Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2004-1043
Version: 7
Platform(s): Microsoft Windows XP
Product(s):
Definition Synopsis:

Definition Id: oval:org.mitre.oval:def:2830
 
Oval ID: oval:org.mitre.oval:def:2830
Title: Windows 2000 IE HTML Help ActiveX control Cross Domain Vulnerability
Description: Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control (hhctrl.ocx) to open a Help popup window containing the PCHealth tools.htm file in the local zone and injecting Javascript to be executed, as demonstrated using "writehta.txt" and the ADODB recordset, which saves a .HTA file to the local system, aka the "HTML Help ActiveX control Cross Domain Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2004-1043
Version: 1
Platform(s): Microsoft Windows 2000
Product(s):
Definition Synopsis:

Definition Id: oval:org.mitre.oval:def:3496
 
Oval ID: oval:org.mitre.oval:def:3496
Title: Windows NT IE HTML Help ActiveX control Cross Domain Vulnerability
Description: Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control (hhctrl.ocx) to open a Help popup window containing the PCHealth tools.htm file in the local zone and injecting Javascript to be executed, as demonstrated using "writehta.txt" and the ADODB recordset, which saves a .HTA file to the local system, aka the "HTML Help ActiveX control Cross Domain Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2004-1043
Version: 3
Platform(s): Microsoft Windows NT
Product(s): HTML Help ActiveX Control
Definition Synopsis:

CPE : Common Platform Enumeration

Type Description Count
Application 1
Os 1

Open Source Vulnerability Database (OSVDB)

Id Description
12840 Microsoft Windows HTML Help Related Topics Arbitrary Command Execution

Microsoft Windows contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is triggered due to the 'Related Topics' command in the Help ActiveX control ('hhctrl.ocx'). It is possible that the flaw may allow a remote attacker to create a specially crafted URL to open a help popup window and inject scripting code into that window, which could allow arbitrary command execution in the 'Local Machine' zone resulting in a loss of integrity.

Snort® IPS/IDS

Date Description
2014-01-10 HTML Help ActiveX Object Access
RuleID : 4149 - Revision : 5 - Type : WEB-CLIENT
2014-01-10 Microsoft Windows HTML Help hhctrl.ocx clsid access attempt
RuleID : 3148-community - Revision : 21 - Type : OS-WINDOWS
2014-01-10 Microsoft Windows HTML Help hhctrl.ocx clsid access attempt
RuleID : 3148 - Revision : 21 - Type : OS-WINDOWS
2014-01-10 Microsoft Windows HTML Help security zone bypass attempt
RuleID : 28387 - Revision : 2 - Type : OS-WINDOWS
2014-01-10 Microsoft Windows HTML Help security zone bypass attempt
RuleID : 28386 - Revision : 2 - Type : OS-WINDOWS
2014-01-10 Microsoft Windows HTML Help hhctrl.ocx remote code execution attempt
RuleID : 28385 - Revision : 2 - Type : OS-WINDOWS

Nessus® Vulnerability Scanner

Date Description
2005-04-19 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2005-072.nasl - Type : ACT_GATHER_INFO
2005-01-11 Name : Arbitrary code can be executed on the remote host through the web client.
File : smb_nt_ms05-001.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2014-02-17 11:45:06
  • Multiple Updates
2014-01-19 21:29:53
  • Multiple Updates
2013-05-11 12:21:39
  • Multiple Updates