Arbitrary Code Execution via Zone Restriction Bypass in Internet Explorer

Arbitrary Code Execution via Zone Restriction Bypass in Internet Explorer

CVE-2003-0838 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Internet Explorer allows remote attackers to bypass zone restrictions to inject and execute arbitrary programs by creating a popup window and inserting ActiveX object code with a "data" tag pointing to the malicious code, which Internet Explorer treats as HTML or Javascript, but later executes as an HTA application, a different vulnerability than CVE-2003-0532, and as exploited using the QHosts Trojan horse (aka Trojan.Qhosts, QHosts-1, VBS.QHOSTS, or aolfix.exe).

Learn more about our Web Application Penetration Testing UK.