CVE-2004-0549

Name of the Vulnerable Software and Affected Versions Internet Explorer version 6

Description The issue allows remote attackers to execute arbitrary code in the Local Security context. This can be achieved by using the showModalDialog method and modifying the location to execute code, such as Javascript. The exploitation can occur through delayed HTTP redirect operations or by modifying the location attribute of the window object.

Recommendations For Internet Explorer version 6, consider disabling the showModalDialog method as a temporary workaround until a patch is available. Restrict access to the MSHTML engine to minimize the risk of exploitation. Avoid using the location attribute of the window object in affected scenarios until the issue is resolved.