New Search

IE ActiveX Popup Zone Restriction Bypass

oval:org.mitre.oval:def:204

Internet Explorer allows remote attackers to bypass zone restrictions to inject and execute arbitrary programs by creating a popup window and inserting ActiveX object code with a "data" tag pointing to the malicious code which Internet Explorer treats as HTML or Javascript but later executes as an HTA application a different vulnerability than CVE-2003-0532 and as exploited using the QHosts Trojan horse (aka Trojan.Qhosts QHosts-1 VBS.QHOSTS or aolfix.exe).

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows 2000
Class:
vulnerability
Reference(s):
  • CVE-2003-0838
Product(s):