Vulnerabilities > CVE-2004-0839

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
microsoft
avaya
nortel
NVD
Published: 2004-08-18
Updated: 2021-07-23

Summary

Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".

Vulnerable Configurations

Part Description Count
Application
Microsoft
11
Application
Avaya
1
Application
Nortel
5
Hardware
Avaya
3
OS
Microsoft
24
OS
Avaya
2

Oval

  • accepted2014-02-24T04:00:20.002-05:00
    classvulnerability
    contributors
    • nameHarvey Rubinovitz
      organizationThe MITRE Corporation
    • nameChristine Walzer
      organizationThe MITRE Corporation
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameMaria Mikhno
      organizationALTX-SOFT
    descriptionInternet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".
    familywindows
    idoval:org.mitre.oval:def:1563
    statusaccepted
    submitted2004-10-25T04:59:00.000-04:00
    titleIE v6.0,SP1 Drag-and-Drop Code Execution Vulnerability
    version68
  • accepted2014-02-24T04:00:32.496-05:00
    classvulnerability
    contributors
    • nameHarvey Rubinovitz
      organizationThe MITRE Corporation
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameMaria Mikhno
      organizationALTX-SOFT
    descriptionInternet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".
    familywindows
    idoval:org.mitre.oval:def:2073
    statusaccepted
    submitted2004-10-25T04:42:00.000-04:00
    titleIE v5.01,SP3 Drag-and-Drop Code Execution Vulnerability
    version67
  • accepted2014-02-24T04:03:16.955-05:00
    classvulnerability
    contributors
    • nameHarvey Rubinovitz
      organizationThe MITRE Corporation
    • nameChristine Walzer
      organizationThe MITRE Corporation
    • nameMaria Mikhno
      organizationALTX-SOFT
    descriptionInternet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".
    familywindows
    idoval:org.mitre.oval:def:3773
    statusaccepted
    submitted2005-01-18T12:00:00.000-04:00
    titleIE v5.5,SP2 Drag-and-Drop Code Execution Vulnerability
    version67
  • accepted2014-02-24T04:03:18.005-05:00
    classvulnerability
    contributors
    • nameHarvey Rubinovitz
      organizationThe MITRE Corporation
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameMaria Mikhno
      organizationALTX-SOFT
    descriptionInternet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".
    familywindows
    idoval:org.mitre.oval:def:4152
    statusaccepted
    submitted2004-10-25T04:44:00.000-04:00
    titleIE v5.01,SP4 Drag-and-Drop Code Execution Vulnerability
    version67
  • accepted2014-02-24T04:03:24.596-05:00
    classvulnerability
    contributors
    • nameHarvey Rubinovitz
      organizationThe MITRE Corporation
    • nameHarvey Rubinovitz
      organizationThe MITRE Corporation
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameMaria Mikhno
      organizationALTX-SOFT
    descriptionInternet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".
    familywindows
    idoval:org.mitre.oval:def:6272
    statusaccepted
    submitted2004-10-25T12:00:00.000-04:00
    titleIE v6.0,SP1 (Server 2003) Drag-and-Drop Code Execution Vulnerability
    version68
  • accepted2014-02-24T04:03:26.955-05:00
    classvulnerability
    contributors
    • nameHarvey Rubinovitz
      organizationThe MITRE Corporation
    • nameChristine Walzer
      organizationThe MITRE Corporation
    • nameJohn Hoyland
      organizationCentennial Software
    • nameMaria Mikhno
      organizationALTX-SOFT
    descriptionInternet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".
    familywindows
    idoval:org.mitre.oval:def:7721
    statusaccepted
    submitted2004-10-25T04:00:00.000-04:00
    titleIE v6.0 Drag-and-Drop Code Execution Vulnerability
    version68

References