Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0839

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2004-0839
Last Modified 10 Sep 2008 03:28:01
Published 18 Aug 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0839

Summary

Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".

Vulnerable Systems

Operating System

  • Avaya Modular Messaging Message Storage Server 1.1

  • Avaya Modular Messaging Message Storage Server 2.0

  • Microsoft Windows 2000

  • Microsoft Windows 2003 Server Enterprise

  • Microsoft Windows 2003 Server Enterprise 64-bit

  • Microsoft Windows 2003 Server R2

  • Microsoft Windows 2003 Server Standard

  • Microsoft Windows 2003 Server Web

  • Microsoft Windows 98

  • Microsoft Windows 98se

  • Microsoft Windows Me

  • Microsoft Windows Xp

Application

  • Avaya Ip600 Media Servers

  • Microsoft Ie 5.0.1

  • Microsoft Ie 5.5

  • Microsoft Ie 6.0

  • Nortel Ip Softphone 2050

  • Nortel Mobile Voice Client 2050

  • Nortel Optivity Telephony Manager

  • Nortel Symposium Web Centre Portal

  • Nortel Symposium Web Client


References

CERT - TA04-293A

CERT-VN - VU#526089

XF - ie-dragdrop-code-execution(17044)

BID - 10973

MS - MS04-038

FULLDISC - 20040818 What A Drag II XP SP2

BUGTRAQ - 20040824 What A Drag! -revisited-


Last Updated: 27 May 2016 10:38:46