CVE

Id
7662  
CVE No.
CVE-2003-0838  
Status
Candidate  
Description
Internet Explorer allows remote attackers to bypass zone restrictions to inject and execute arbitrary programs by creating a popup window and inserting ActiveX object code with a "data" tag pointing to the malicious code, which Internet Explorer treats as HTML or Javascript, but later executes as an HTA application, a different vulnerability than CVE-2003-0532, and as exploited using the QHosts Trojan horse (aka Trojan.Qhosts, QHosts-1, VBS.QHOSTS, or aolfix.exe).  
Phase
Assigned (20031002)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
45312 7662 CVE-2003-0838 BUGTRAQ:20030907 BAD NEWS: Microsoft Security Bulletin MS03-032  View
45313 7662 CVE-2003-0838 URL:http://marc.info/?l=bugtraq&m=106304733121753&w=2  View
45314 7662 CVE-2003-0838 NTBUGTRAQ:20030907 BAD NEWS: Microsoft Security Bulletin MS03-032  View
45315 7662 CVE-2003-0838 URL:http://marc.info/?l=ntbugtraq&m=106302799428500&w=2  View
45316 7662 CVE-2003-0838 FULLDISC:20030907 BAD NEWS: Microsoft Security Bulletin MS03-032  View
45317 7662 CVE-2003-0838 URL:http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009639.html  View
45318 7662 CVE-2003-0838 BUGTRAQ:20030908 Temporary Fix for IE Zero Day Malware RE: BAD NEWS: Microsoft Security Bulletin MS03-032  View
45319 7662 CVE-2003-0838 URL:http://marc.info/?l=bugtraq&m=106304876523459&w=2  View
45320 7662 CVE-2003-0838 NTBUGTRAQ:20031001 DNS/Hosts file issues  View
45321 7662 CVE-2003-0838 URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0310&L=ntbugtraq&F=P&S=&P=2169  View
45322 7662 CVE-2003-0838 MISC:http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.html  View
45323 7662 CVE-2003-0838 MS:MS03-040  View
45324 7662 CVE-2003-0838 URL:http://www.microsoft.com/technet/security/bulletin/ms03-040.asp  View
45325 7662 CVE-2003-0838 BID:8556  View
45326 7662 CVE-2003-0838 URL:http://www.securityfocus.com/bid/8556  View
45327 7662 CVE-2003-0838 OSVDB:7872  View
45328 7662 CVE-2003-0838 URL:http://www.osvdb.org/7872  View
45329 7662 CVE-2003-0838 OVAL:oval:org.mitre.oval:def:204  View
45330 7662 CVE-2003-0838 URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:204  View
45331 7662 CVE-2003-0838 XF:ie-popup-code-execution(13314)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
63447 JVNDB-2003-000173 Microsoft Internet Explorer の %USERPROFILE% におけるディレクトリトラバーサルの脆弱性 Microsoft Internet Explorer には、「サーバーが見つかりません」という HTML 形式のエラーページのアドレスを利用することで、ユーザ名を推測しなくても、%USERPROFILE% フォルダへの移動を許してしまう脆弱性が存在します。 CVE-2003-0839 7662 5 http://jvndb.jvn.jp/ja/contents/2003/JVNDB-2003-000173.html  View