Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-0549Microsoft Internet Explorer vulnerability

4 documents4 sources
Severity
10.0CRITICALNVD
EPSS
69.0%
top 1.35%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Internet Explorer
Timeline
PublishedAug 6
Latest updateApr 29

Description

The WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or (2) modifying the location attribu

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDmicrosoft/internet_explorer5.01, 5.5, 6.0+2

Patches

Patch: www.us-cert.govPatch: www.us-cert.gov

🔴Vulnerability Details

2
GHSA
GHSA-2hx7-84c2-vv8q: The WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to ex2022-04-29
VulnCheck
Microsoft Internet Explorer showModalDialog Method Vulnerability2004

💥Exploits & PoCs

1
Exploit-DB
Microsoft Internet Explorer - Remote Wscript.Shell2004-07-13
CVE-2004-0549 — Microsoft vulnerability | cvebase