Vulnerabilities > CVE-2004-0841
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 10 | |
| Application | 1 | |
| Hardware | 3 | |
| OS | 2 |
Exploit-Db
| description | Microsoft Internet Explorer 5.0.1 Popup.show Mouse Event Hijacking Vulnerability. CVE-2004-0841. Remote exploit for windows platform |
| id | EDB-ID:24266 |
| last seen | 2016-02-02 |
| modified | 2004-07-12 |
| published | 2004-07-12 |
| reporter | Paul |
| source | https://www.exploit-db.com/download/24266/ |
| title | Microsoft Internet Explorer 5.0.1 Popup.show Mouse Event Hijacking Vulnerability |
Oval
accepted 2014-02-24T04:03:13.349-05:00 class vulnerability contributors name Harvey Rubinovitz organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name John Hoyland organization Centennial Software name Maria Mikhno organization ALTX-SOFT
description Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability." family windows id oval:org.mitre.oval:def:2611 status accepted submitted 2004-10-25T04:00:00.000-04:00 title IE v6.0 HijackClick 3 / Script in Image Tag File Download Vulnerability version 68 accepted 2014-02-24T04:03:18.632-05:00 class vulnerability contributors name Harvey Rubinovitz organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc. name Maria Mikhno organization ALTX-SOFT
description Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability." family windows id oval:org.mitre.oval:def:4363 status accepted submitted 2005-01-18T12:00:00.000-04:00 title IE v5.01, SP3 HijackClick 3 / Script in Image Tag File Download Vulnerability version 67 accepted 2014-02-24T04:03:23.531-05:00 class vulnerability contributors name Harvey Rubinovitz organization The MITRE Corporation name Harvey Rubinovitz organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc. name Maria Mikhno organization ALTX-SOFT
description Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability." family windows id oval:org.mitre.oval:def:5620 status accepted submitted 2005-01-18T12:00:00.000-04:00 title IE v6.0 for 2003, SP3 HijackClick 3 / Script in Image Tag File Download Vulnerability version 68 accepted 2014-02-24T04:03:24.130-05:00 class vulnerability contributors name Harvey Rubinovitz organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name Maria Mikhno organization ALTX-SOFT
description Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability." family windows id oval:org.mitre.oval:def:6031 status accepted submitted 2004-10-25T07:54:00.000-04:00 title IE v5.5, SP2 HijackClick 3 / Script in Image Tag File Download Vulnerability version 67 accepted 2014-02-24T04:03:24.192-05:00 class vulnerability contributors name Harvey Rubinovitz organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc. name Maria Mikhno organization ALTX-SOFT
description Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability." family windows id oval:org.mitre.oval:def:6048 status accepted submitted 2005-01-18T12:00:00.000-04:00 title IE v5.01, SP4 HijackClick 3 / Script in Image Tag File Download Vulnerability version 67 accepted 2014-02-24T04:03:27.894-05:00 class vulnerability contributors name Harvey Rubinovitz organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc. name Maria Mikhno organization ALTX-SOFT
description Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability." family windows id oval:org.mitre.oval:def:8077 status accepted submitted 2005-01-18T12:00:00.000-04:00 title IE v6.0, SP1 HijackClick 3 / Script in Image Tag File Download Vulnerability version 68
References
- http://www.securityfocus.com/archive/1/368652
- http://www.securityfocus.com/bid/10690
- http://www.securityfocus.com/archive/1/368666
- http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0498.html
- http://www.us-cert.gov/cas/techalerts/TA04-293A.html
- http://www.kb.cert.org/vuls/id/413886
- http://www.osvdb.org/7774
- http://securitytracker.com/id?1010679
- http://secunia.com/advisories/12048
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16675
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8077
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6048
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6031
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5620
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4363
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2611
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038