The Microsoft Internet Explorer HTML Help ActiveX control is not restricted by the Local Machine Zone Lockdown feature. This can allow an attacker to execute script in the Local Machine Zone.
Windows XP SP2 introduces a feature called Local Machine Zone Lockdown. This feature places restrictions on what actions an HTML document can perform when it resides in the Local Machine Zone. For example, Active scripting and ActiveX controls are disabled for Internet Explorer in the Local Machine Zone.
The HTML Help ActiveX control (Hhctrl.ocx) is not restricted by the Local Machine Zone Lockdown. This means that the HTML Help control can be used to perform various actions, such as executing script, in the Local Machine Zone.
By convincing a user to view an HTML document (e.g., a web page or HTML email messsage), an attacker could cause arbitrary script to execute in the Local Machine Zone. Depending on the patch level of the target machine, it may be possible for the script to download and execute arbitrary code.
This vulnerability was publicly reported by http-equiv.
This document was written by Will Dormann.
|Date First Published:||2004-12-22|
|Date Last Updated:||2005-07-19 22:25 UTC|