Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2004-0985
HistoryDec 31, 2004 - 5:00 a.m.

CVE-2004-0985

2004-12-3105:00:00
[email protected]
web.nvd.nist.gov
7

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.2

Confidence

High

EPSS

0.05

Percentile

92.9%

JSON

Internet Explorer 6.x on Windows XP SP2 allows remote attackers to execute arbitrary code, as demonstrated using a document with a draggable file type such as .xml, .doc, .py, .cdf, .css, .pdf, or .ppt, and using ADODB.Connection and ADODB.recordset to write to a .hta file that is interpreted in the Local Zone by HTML Help.

Affected configurations

Nvd
Node
microsoftieMatch6.0sp2
VendorProductVersionCPE
microsoftie6.0cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*

Related

cvelist 1
cve 1
cert 1
securityvulns 2
cvelist
cvelist
CVE-2004-0985
2004-10-26 04:00:00
cve
cve
CVE-2004-0985
2004-12-31 05:00:00
cert
cert
Microsoft Internet Explorer HTML Help control bypasses Local Machine Zone Lockdown
2004-12-22 00:00:00
securityvulns
securityvulns
Microsoft Security Bulletin MS05-008 Vulnerability in Windows Shell Could Allow Remote Code Execution (890047)
2005-02-08 00:00:00
Microsoft Security Bulletin MS05-014 Cumulative Security Update for Internet Explorer (867282)
2005-02-09 00:00:00

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.2

Confidence

High

EPSS

0.05

Percentile

92.9%

JSON
Related for NVD:CVE-2004-0985
cvelist1cve1cert1securityvulns2