Vulnerabilities > CVE-2004-0839
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Hardware | 3 | |
Application | 11 | |
Application | 1 | |
Application | 5 | |
OS | Microsoft
| 24 |
OS | 2 |
Oval
accepted 2014-02-24T04:00:20.002-05:00 class vulnerability contributors name Harvey Rubinovitz organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc. name Maria Mikhno organization ALTX-SOFT
description Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html". family windows id oval:org.mitre.oval:def:1563 status accepted submitted 2004-10-25T04:59:00.000-04:00 title IE v6.0,SP1 Drag-and-Drop Code Execution Vulnerability version 68 accepted 2014-02-24T04:00:32.496-05:00 class vulnerability contributors name Harvey Rubinovitz organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc. name Maria Mikhno organization ALTX-SOFT
description Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html". family windows id oval:org.mitre.oval:def:2073 status accepted submitted 2004-10-25T04:42:00.000-04:00 title IE v5.01,SP3 Drag-and-Drop Code Execution Vulnerability version 67 accepted 2014-02-24T04:03:16.955-05:00 class vulnerability contributors name Harvey Rubinovitz organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name Maria Mikhno organization ALTX-SOFT
description Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html". family windows id oval:org.mitre.oval:def:3773 status accepted submitted 2005-01-18T12:00:00.000-04:00 title IE v5.5,SP2 Drag-and-Drop Code Execution Vulnerability version 67 accepted 2014-02-24T04:03:18.005-05:00 class vulnerability contributors name Harvey Rubinovitz organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc. name Maria Mikhno organization ALTX-SOFT
description Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html". family windows id oval:org.mitre.oval:def:4152 status accepted submitted 2004-10-25T04:44:00.000-04:00 title IE v5.01,SP4 Drag-and-Drop Code Execution Vulnerability version 67 accepted 2014-02-24T04:03:24.596-05:00 class vulnerability contributors name Harvey Rubinovitz organization The MITRE Corporation name Harvey Rubinovitz organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc. name Maria Mikhno organization ALTX-SOFT
description Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html". family windows id oval:org.mitre.oval:def:6272 status accepted submitted 2004-10-25T12:00:00.000-04:00 title IE v6.0,SP1 (Server 2003) Drag-and-Drop Code Execution Vulnerability version 68 accepted 2014-02-24T04:03:26.955-05:00 class vulnerability contributors name Harvey Rubinovitz organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name John Hoyland organization Centennial Software name Maria Mikhno organization ALTX-SOFT
description Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html". family windows id oval:org.mitre.oval:def:7721 status accepted submitted 2004-10-25T04:00:00.000-04:00 title IE v6.0 Drag-and-Drop Code Execution Vulnerability version 68
References
- http://marc.info/?l=bugtraq&m=109303291513335&w=2
- http://marc.info/?l=bugtraq&m=109303291513335&w=2
- http://marc.info/?l=bugtraq&m=109336221826652&w=2
- http://marc.info/?l=bugtraq&m=109336221826652&w=2
- http://seclists.org/lists/fulldisclosure/2004/Aug/0868.html
- http://seclists.org/lists/fulldisclosure/2004/Aug/0868.html
- http://www.kb.cert.org/vuls/id/526089
- http://www.kb.cert.org/vuls/id/526089
- http://www.securityfocus.com/bid/10973
- http://www.securityfocus.com/bid/10973
- http://www.us-cert.gov/cas/techalerts/TA04-293A.html
- http://www.us-cert.gov/cas/techalerts/TA04-293A.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17044
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17044
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1563
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1563
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2073
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2073
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3773
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3773
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4152
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4152
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6272
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6272
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7721
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7721