CVE-2004-0839

Description

Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".

Related CPE's

Could not find any relations

References

20040818 What A Drag II XP SP2

Vendor Advisory

TA04-293A

PatchThird Party AdvisoryUS Government Resource

VU#526089

PatchThird Party AdvisoryUS Government Resource

10973

ExploitPatchVendor Advisory

20040818 What A Drag II XP SP2

20040824 What A Drag! -revisited-

ie-dragdrop-code-execution(17044)

oval:org.mitre.oval:def:7721

oval:org.mitre.oval:def:6272

oval:org.mitre.oval:def:4152

oval:org.mitre.oval:def:3773

oval:org.mitre.oval:def:2073

oval:org.mitre.oval:def:1563

MS04-038

CvssV3 impact

Could not find any metrics

CvssV2 impact

Version

2.0

VectorString

AV:N/AC:L/Au:N/C:N/I:P/A:N

AccessVector

NETWORK

AccessComplexity

LOW

Authentication

NONE

ConfidentialityImpact

NONE

IntegrityImpact

PARTIAL

AvailabilityImpact

NONE

BaseScore

5

Created by Yello
About Severity.io