Lucene search

[email protected]CVE-2004-0839

HistorySep 14, 2004 - 4:00 a.m.

CVE-2004-0839

2004-09-1404:00:00

[email protected]

web.nvd.nist.gov

internet explorer

windows xp

sp2

cve-2004-0839

remote installation

web page

security vulnerability

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.4 High

AI Score

Confidence

High

0.846 High

EPSS

Percentile

98.5%

JSON

Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by “wottapoop.html”.

Affected configurations

NVD

Node

avayaip600_media_servers

microsoftieMatch6.0sp1

microsoftieMatch6.0sp2

microsoftinternet_explorerMatch5.0.1

microsoftinternet_explorerMatch5.0.1sp1

microsoftinternet_explorerMatch5.0.1sp2

microsoftinternet_explorerMatch5.0.1sp3

microsoftinternet_explorerMatch5.0.1sp4

microsoftinternet_explorerMatch5.5

microsoftinternet_explorerMatch5.5sp1

microsoftinternet_explorerMatch5.5sp2

microsoftinternet_explorerMatch6.0

avayadefinity_one_media_server

avayas3400

avayas8100

Node

nortelip_softphone_2050

nortelmobile_voice_client_2050

norteloptivity_telephony_manager

nortelsymposium_web_centre_portal

nortelsymposium_web_client

avayamodular_messaging_message_storage_serverMatch1.1

avayamodular_messaging_message_storage_serverMatch2.0

microsoftwindows_2000

microsoftwindows_2000sp1

microsoftwindows_2000sp2

microsoftwindows_2000sp3

microsoftwindows_2000sp4

microsoftwindows_2003_serverMatchenterprise64-bit

microsoftwindows_2003_serverMatchenterprise_64-bit

microsoftwindows_2003_serverMatchr264-bit

microsoftwindows_2003_serverMatchr2datacenter_64-bit

microsoftwindows_2003_serverMatchstandard64-bit

microsoftwindows_2003_serverMatchweb

microsoftwindows_98gold

microsoftwindows_98se

microsoftwindows_me

microsoftwindows_xp64-bit

microsoftwindows_xphome

microsoftwindows_xpmedia_center

microsoftwindows_xpgoldprofessional

microsoftwindows_xpsp164-bit

microsoftwindows_xpsp1home

microsoftwindows_xpsp1media_center

microsoftwindows_xpsp2home

microsoftwindows_xpsp2media_center

microsoftwindows_xpsp2tablet_pc

CPENameOperatorVersion
avaya:ip600_media_serversavaya ip600 media serverseq*
microsoft:iemicrosoft ieeq6.0
microsoft:internet_explorermicrosoft internet explorereq5.0.1
microsoft:internet_explorermicrosoft internet explorereq5.5
microsoft:internet_explorermicrosoft internet explorereq6.0
avaya:definity_one_media_serveravaya definity one media servereq*
avaya:s3400avaya s3400eq*
avaya:s8100avaya s8100eq*

CPE	Name	Operator	Version
avaya:ip600_media_servers	avaya ip600 media servers	eq	*
microsoft:ie	microsoft ie	eq	6.0
microsoft:internet_explorer	microsoft internet explorer	eq	5.0.1
microsoft:internet_explorer	microsoft internet explorer	eq	5.5
microsoft:internet_explorer	microsoft internet explorer	eq	6.0
avaya:definity_one_media_server	avaya definity one media server	eq	*
avaya:s3400	avaya s3400	eq	*
avaya:s8100	avaya s8100	eq	*