Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-0838Microsoft Internet Explorer vulnerability

4 documents4 sources
Severity
7.5HIGHNVD
EPSS
67.1%
top 1.44%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Microsoft IEMicrosoft Internet Explorer
Timeline
PublishedNov 17
Latest updateApr 29

Description

Internet Explorer allows remote attackers to bypass zone restrictions to inject and execute arbitrary programs by creating a popup window and inserting ActiveX object code with a "data" tag pointing to the malicious code, which Internet Explorer treats as HTML or Javascript, but later executes as an HTA application, a different vulnerability than CVE-2003-0532, and as exploited using the QHosts Trojan horse (aka Trojan.Qhosts, QHosts-1, VBS.QHOSTS, or aolfix.exe).

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

NVDmicrosoft/internet_explorer5.0.1, 5.5, 6.0+2
NVDmicrosoft/ie6.0

🔴Vulnerability Details

2
GHSA
GHSA-rjqq-fhgc-2rj8: Internet Explorer allows remote attackers to bypass zone restrictions to inject and execute arbitrary programs by creating a popup window and insertin2022-04-29
CVEList
CVE-2003-0838: Internet Explorer allows remote attackers to bypass zone restrictions to inject and execute arbitrary programs by creating a popup window and insertin2003-10-07

💥Exploits & PoCs

1
Exploit-DB
Microsoft Internet Explorer 5/6 - Browser Popup Window Object Type Validation2003-09-07
CVE-2003-0838 — Microsoft vulnerability | cvebase