Vulnerability Note VU#939688
Microsoft Internet Explorer HTML Help control bypasses Local Machine Zone Lockdown
The Microsoft Internet Explorer HTML Help ActiveX control is not restricted by the Local Machine Zone Lockdown feature. This can allow an attacker to execute script in the Local Machine Zone.
Windows XP SP2 introduces a feature called Local Machine Zone Lockdown. This feature places restrictions on what actions an HTML document can perform when it resides in the Local Machine Zone. For example, Active scripting and ActiveX controls are disabled for Internet Explorer in the Local Machine Zone.
The HTML Help ActiveX control (Hhctrl.ocx) is not restricted by the Local Machine Zone Lockdown. This means that the HTML Help control can be used to perform various actions, such as executing script, in the Local Machine Zone.
By convincing a user to view an HTML document (e.g., a web page or HTML email message), an attacker could cause arbitrary script to execute in the Local Machine Zone. Depending on the patch level of the target machine, it may be possible for the script to download and execute arbitrary code.
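A content-inspection check for the delivery path described above (a web page or HTML mail body), as an added example that is not part of the original advisory: it flags `<object>` tags that reference the HTML Help control. The CLSID, the `codebase` heuristic, the function and class names, and the sample markup are assumptions or constructed here, not taken from the advisory.

```python
import re
from html.parser import HTMLParser

# CLSID of the HTML Help control (hhctrl.ocx). Assumption: the advisory does
# not list it; confirm under HKCR\CLSID on a reference system before use.
HHCTRL_CLSID = "adb880a6-d8ff-11cf-9377-00aa003b7a11"
# Accepts "clsid:GUID" in any case, with optional braces and stray whitespace.
_CLSID_RE = re.compile(r"^\s*clsid\s*:\s*\{?([0-9a-f-]{36})\}?\s*$", re.I)

# Constructed sample markup (inert: no parameters are passed to the control).
SAMPLE = """<html><body>
<p>Quarterly report attached.</p>
<object id="a" classid="CLSID:ADB880A6-D8FF-11CF-9377-00AA003B7A11"></object>
<OBJECT classid=" clsid:{adb880a6-d8ff-11cf-9377-00aa003b7a11} "></OBJECT>
<object classid="clsid:00000000-0000-0000-0000-000000000000"></object>
<object codebase="HHCTRL.OCX"></object>
</body></html>"""


class HelpControlFinder(HTMLParser):
    """Collects <object> tags that reference the HTML Help control."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.hits = []  # (line, column, reason) per matching tag

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        if tag != "object":
            return
        attr = {name: (value or "") for name, value in attrs}
        match = _CLSID_RE.match(attr.get("classid", ""))
        if match and match.group(1).lower() == HHCTRL_CLSID:
            self.hits.append((*self.getpos(), "classid"))
        elif "hhctrl.ocx" in attr.get("codebase", "").lower():
            self.hits.append((*self.getpos(), "codebase"))


def find_help_control(html_text):
    """Return [(line, column, reason)] for each <object> naming the control."""
    finder = HelpControlFinder()
    finder.feed(html_text)
    finder.close()
    return finder.hits


if __name__ == "__main__":
    for line, col, reason in find_help_control(SAMPLE):
        print(f"line {line}, col {col}: HTML Help control via {reason}")
```

Legitimate compiled-help and intranet pages also embed this control, so hits from untrusted sources (inbound mail, Internet-zone pages) are the ones worth triaging.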
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Microsoft Corporation | Affected | - | 22 Dec 2004 |
This vulnerability was publicly reported by http-equiv.
This document was written by Will Dormann.
- CVE IDs: CAN-2004-0985
- Date Public: 20 Oct 2004
- Date First Published: 22 Dec 2004
- Date Last Updated: 19 Jul 2005
- Severity Metric: 36.00
- Document Revision: 11