Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2003-0838
HistoryNov 17, 2003 - 5:00 a.m.

CVE-2003-0838

2003-11-1705:00:00
mitre
web.nvd.nist.gov
25
cve-2003-0838
internet explorer
zone restrictions
remote attackers
activex
hta application
vulnerability

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.3

Confidence

High

EPSS

0.95

Percentile

99.3%

JSON

Internet Explorer allows remote attackers to bypass zone restrictions to inject and execute arbitrary programs by creating a popup window and inserting ActiveX object code with a “data” tag pointing to the malicious code, which Internet Explorer treats as HTML or Javascript, but later executes as an HTA application, a different vulnerability than CVE-2003-0532, and as exploited using the QHosts Trojan horse (aka Trojan.Qhosts, QHosts-1, VBS.QHOSTS, or aolfix.exe).

Affected configurations

Nvd
Node
microsoftieMatch6.0sp1
OR
microsoftinternet_explorerMatch5.0.1
OR
microsoftinternet_explorerMatch5.0.1sp1
OR
microsoftinternet_explorerMatch5.0.1sp2
OR
microsoftinternet_explorerMatch5.0.1sp3
OR
microsoftinternet_explorerMatch5.5
OR
microsoftinternet_explorerMatch5.5sp1
OR
microsoftinternet_explorerMatch5.5sp2
OR
microsoftinternet_explorerMatch6.0
VendorProductVersionCPE
microsoftie6.0cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
microsoftinternet_explorer5.0.1cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*
microsoftinternet_explorer5.0.1cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*
microsoftinternet_explorer5.0.1cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*
microsoftinternet_explorer5.0.1cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*
microsoftinternet_explorer5.5cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*
microsoftinternet_explorer5.5cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*
microsoftinternet_explorer5.5cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*
microsoftinternet_explorer6.0cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*

Related

cvelist 2
nvd 2
exploitdb 1
cert 1
cve 1
securityvulns 1
cvelist
cvelist
CVE-2003-0838
2003-10-07 04:00:00
CVE-2003-0532
2003-08-22 04:00:00
nvd
nvd
CVE-2003-0838
2003-11-17 05:00:00
CVE-2003-0532
2003-08-27 04:00:00
exploitdb
exploitdb
Microsoft Internet Explorer 5/6 - Browser Popup Window Object Type Validation
2003-09-07 00:00:00
cert
cert
Microsoft Internet Explorer does not properly evaluate "application/hta" MIME type referenced by DATA attribute of OBJECT element
2003-08-25 00:00:00
cve
cve
CVE-2003-0532
2003-08-27 04:00:00
securityvulns
securityvulns
CERT Advisory CA-2003-22 Multiple Vulnerabilities in Microsoft Internet Explorer
2003-08-27 00:00:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.3

Confidence

High

EPSS

0.95

Percentile

99.3%

JSON
Related for CVE-2003-0838
cvelist2nvd2exploitdb1cert1cve1securityvulns1