Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0841

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2004-0841
Last Modified 10 Sep 2008 03:28:01
Published 23 Dec 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0841

Summary

Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."

Vulnerable Systems

Operating System

  • Avaya Modular Messaging Message Storage Server 1.1

  • Avaya Modular Messaging Message Storage Server 2.0

Application

  • Avaya Ip600 Media Servers

  • Microsoft Ie 5.0.1

  • Microsoft Ie 5.5

  • Microsoft Ie 6.0


References

CERT - TA04-293A

CERT-VN - VU#413886

XF - ie-popupshow-perform-actions(16675)

BID - 10690

BUGTRAQ - 20040711 HijackClick 3

MS - MS04-038

BUGTRAQ - 20040712 Re: HijackClick 3

FULLDISC - 20040712 Brand New Hole: Internet Explorer: HijackClick 3

OSVDB - 7774

SECTRACK - 1010679

SECUNIA - 12048


Last Updated: 27 May 2016 10:38:46