CVE-2004-1043

N/A Unknown

Published: December 31, 2004 Modified: April 16, 2026

Description

Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control (hhctrl.ocx) to open a Help popup window containing the PCHealth tools.htm file in the local zone and injecting Javascript to be executed, as demonstrated using "writehta.txt" and the ADODB recordset, which saves a .HTA file to the local system, aka the "HTML Help ActiveX control Cross Domain Vulnerability."

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://archives.neohapsis.com/archives/bugtraq/2004-12/0426.html

Source: cve@mitre.org

http://www.kb.cert.org/vuls/id/972415

Source: cve@mitre.org

Third Party Advisory US Government Resource

http://www.us-cert.gov/cas/techalerts/TA05-012B.html

Source: cve@mitre.org

Third Party Advisory US Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-001

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/18311

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1349

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1963

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2830

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3496

Source: cve@mitre.org

http://archives.neohapsis.com/archives/bugtraq/2004-12/0426.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.kb.cert.org/vuls/id/972415

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory US Government Resource

http://www.us-cert.gov/cas/techalerts/TA05-012B.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory US Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-001

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/18311

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1349

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1963

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2830

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3496

Source: af854a3a-2127-422b-91ae-364da2661108

18 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

74.5%

99th percentile

Exploitation Status

Not in CISA KEV

Affected Vendors

microsoft