CVE-2004-1043

EXPLOITED

Internet Explorer 6.0 on Windows XP SP2 - RCE

Title source: llm

Exploitation Summary

CVE-2004-1043 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including Paul.

AI-analyzed exploit summary This exploit leverages a vulnerability in the HTML Help ActiveX control (hhctrl.ocx) to execute arbitrary code via a crafted HTML file. It uses JavaScript and VBScript to download and execute a malicious payload, achieving remote code execution (RCE) on vulnerable systems.

Description

Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control (hhctrl.ocx) to open a Help popup window containing the PCHealth tools.htm file in the local zone and injecting Javascript to be executed, as demonstrated using "writehta.txt" and the ADODB recordset, which saves a .HTA file to the local system, aka the "HTML Help ActiveX control Cross Domain Vulnerability."

Exploits (1)

exploitdb WORKING POC VERIFIED

by Paul · textremotewindows

https://www.exploit-db.com/exploits/719

View Code ZIP pw:eip

This exploit leverages a vulnerability in the HTML Help ActiveX control (hhctrl.ocx) to execute arbitrary code via a crafted HTML file. It uses JavaScript and VBScript to download and execute a malicious payload, achieving remote code execution (RCE) on vulnerable systems.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Microsoft HTML Help Control (hhctrl.ocx) versions prior to 5.2.3790.1194

No auth needed

Prerequisites: Victim must open the malicious HTML file · Vulnerable version of hhctrl.ocx must be installed

MITRE ATT&CK