Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2004-0839
HistoryAug 18, 2004 - 4:00 a.m.

CVE-2004-0839

2004-08-1804:00:00
[email protected]
web.nvd.nist.gov
9

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.5

Confidence

Low

EPSS

0.897

Percentile

98.9%

JSON

Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by “wottapoop.html”.

Affected configurations

Nvd
Node
avayaip600_media_servers
OR
microsoftieMatch6.0sp1
OR
microsoftieMatch6.0sp2
OR
microsoftinternet_explorerMatch5.0.1
OR
microsoftinternet_explorerMatch5.0.1sp1
OR
microsoftinternet_explorerMatch5.0.1sp2
OR
microsoftinternet_explorerMatch5.0.1sp3
OR
microsoftinternet_explorerMatch5.0.1sp4
OR
microsoftinternet_explorerMatch5.5
OR
microsoftinternet_explorerMatch5.5sp1
OR
microsoftinternet_explorerMatch5.5sp2
OR
microsoftinternet_explorerMatch6.0
OR
avayadefinity_one_media_server
OR
avayas3400
OR
avayas8100
Node
nortelip_softphone_2050
OR
nortelmobile_voice_client_2050
OR
norteloptivity_telephony_manager
OR
nortelsymposium_web_centre_portal
OR
nortelsymposium_web_client
OR
avayamodular_messaging_message_storage_serverMatch1.1
OR
avayamodular_messaging_message_storage_serverMatch2.0
OR
microsoftwindows_2000
OR
microsoftwindows_2000sp1
OR
microsoftwindows_2000sp2
OR
microsoftwindows_2000sp3
OR
microsoftwindows_2000sp4
OR
microsoftwindows_2003_serverMatchenterprise64-bit
OR
microsoftwindows_2003_serverMatchenterprise_64-bit
OR
microsoftwindows_2003_serverMatchr264-bit
OR
microsoftwindows_2003_serverMatchr2datacenter_64-bit
OR
microsoftwindows_2003_serverMatchstandard64-bit
OR
microsoftwindows_2003_serverMatchweb
OR
microsoftwindows_98gold
OR
microsoftwindows_98se
OR
microsoftwindows_me
OR
microsoftwindows_xp64-bit
OR
microsoftwindows_xphome
OR
microsoftwindows_xpmedia_center
OR
microsoftwindows_xpgoldprofessional
OR
microsoftwindows_xpsp164-bit
OR
microsoftwindows_xpsp1home
OR
microsoftwindows_xpsp1media_center
OR
microsoftwindows_xpsp2home
OR
microsoftwindows_xpsp2media_center
OR
microsoftwindows_xpsp2tablet_pc
VendorProductVersionCPE
avayaip600_media_servers*cpe:2.3:a:avaya:ip600_media_servers:*:*:*:*:*:*:*:*
microsoftie6.0cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
microsoftie6.0cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*
microsoftinternet_explorer5.0.1cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*
microsoftinternet_explorer5.0.1cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*
microsoftinternet_explorer5.0.1cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*
microsoftinternet_explorer5.0.1cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*
microsoftinternet_explorer5.0.1cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*
microsoftinternet_explorer5.5cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*
microsoftinternet_explorer5.5cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*
Rows per page:
1-10 of 461

References

Related

checkpoint_advisories 1
cert 1
cvelist 1
cve 1
securityvulns 4
openvas 2
checkpoint_advisories
checkpoint_advisories
Internet Explorer Drag and Drop Elevation of Privilege (MS04-038; CVE-2004-0839)
2009-12-13 00:00:00
cert
cert
Microsoft Internet Explorer treats arbitrary files as images for drag and drop operations
2004-09-14 00:00:00
cvelist
cvelist
CVE-2004-0839
2004-09-14 04:00:00
cve
cve
CVE-2004-0839
2004-09-14 04:00:00
securityvulns
securityvulns
Microsoft Security Bulletin MS05-008 Vulnerability in Windows Shell Could Allow Remote Code Execution (890047)
2005-02-08 00:00:00
US-CERT Technical Cyber Security Alert TA04-293A -- Multiple Vulnerabilities in Microsoft Internet Explorer
2004-10-22 00:00:00
Microsoft Security Bulletin MS05-014 Cumulative Security Update for Internet Explorer (867282)
2005-02-09 00:00:00
openvas
openvas
IE 5.01 5.5 6.0 Cumulative patch (890923)
2005-11-03 00:00:00
IE 5.01 5.5 6.0 Cumulative patch (890923)
2005-11-03 00:00:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.5

Confidence

Low

EPSS

0.897

Percentile

98.9%

JSON
Related for NVD:CVE-2004-0839
checkpoint_advisories1cert1cvelist1cve1securityvulns4openvas2