Lucene search

[email protected]CVE-2004-0839

HistoryAug 18, 2004 - 4:00 a.m.

CVE-2004-0839

2004-08-1804:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

internet explorer

windows xp

sp2

cve-2004-0839

remote installation

web page

security vulnerability

6.5 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.846 High

EPSS

Percentile

98.5%

JSON

Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by “wottapoop.html”.

CPENameOperatorVersion
avaya:definity_one_media_serveravaya definity one media servereq*
microsoft:iemicrosoft ieeq6.0
avaya:s8100avaya s8100eq*
avaya:ip600_media_serversavaya ip600 media serverseq*
avaya:s3400avaya s3400eq*
microsoft:internet_explorermicrosoft internet explorereq5.5
microsoft:internet_explorermicrosoft internet explorereq5.0.1
microsoft:internet_explorermicrosoft internet explorereq6.0
microsoft:windows_xpmicrosoft windows xpeq*
nortel:optivity_telephony_managernortel optivity telephony managereq*

CPE	Name	Operator	Version
avaya:definity_one_media_server	avaya definity one media server	eq	*
microsoft:ie	microsoft ie	eq	6.0
avaya:s8100	avaya s8100	eq	*
avaya:ip600_media_servers	avaya ip600 media servers	eq	*
avaya:s3400	avaya s3400	eq	*
microsoft:internet_explorer	microsoft internet explorer	eq	5.5
microsoft:internet_explorer	microsoft internet explorer	eq	5.0.1
microsoft:internet_explorer	microsoft internet explorer	eq	6.0
microsoft:windows_xp	microsoft windows xp	eq	*
nortel:optivity_telephony_manager	nortel optivity telephony manager	eq	*

Rows per page:

1-10 of 251

References

marc.info/?l=bugtraq&m=109303291513335&w=2

marc.info/?l=bugtraq&m=109336221826652&w=2

seclists.org/lists/fulldisclosure/2004/Aug/0868.html

www.kb.cert.org/vuls/id/526089

www.securityfocus.com/bid/10973

www.us-cert.gov/cas/techalerts/TA04-293A.html

docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038

exchange.xforce.ibmcloud.com/vulnerabilities/17044

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1563

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2073

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3773

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4152

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6272

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7721

6.5 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.846 High

EPSS

Percentile

98.5%

JSON

Related for CVE-2004-0839

cert1 checkpoint_advisories1 securityvulns4 openvas2