CVE-2004-0839

Description

Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".

Affected products

• Avaya / definity_one_media_server
• Avaya / ip600_media_servers
• Avaya / modular_messaging_message_storage_server1.1 – 1.1
• Avaya / modular_messaging_message_storage_server2.0 – 2.0
• Avaya / s3400
• Avaya / s8100
• Microsoft / ie6.0 – 6.0
• Microsoft / ie6.0 – 6.0
• Microsoft / internet_explorer5.5 – 5.5
• Microsoft / internet_explorer6.0 – 6.0
• Microsoft / internet_explorer5.0.1 – 5.0.1
• Microsoft / internet_explorer5.0.1 – 5.0.1
• Microsoft / internet_explorer5.0.1 – 5.0.1
• Microsoft / internet_explorer5.0.1 – 5.0.1
• Microsoft / internet_explorer5.0.1 – 5.0.1
• Microsoft / internet_explorer5.5 – 5.5
• Microsoft / internet_explorer5.5 – 5.5
• Microsoft / windows_2000
• Microsoft / windows_2000
• Microsoft / windows_2000
• Microsoft / windows_2000
• Microsoft / windows_2000
• Microsoft / windows_2003_serverenterprise_64-bit – enterprise_64-bit
• Microsoft / windows_2003_serverenterprise – enterprise
• Microsoft / windows_2003_serverr2 – r2
• Microsoft / windows_2003_serverr2 – r2
• Microsoft / windows_2003_serverstandard – standard
• Microsoft / windows_2003_serverweb – web
• Microsoft / windows_98
• Microsoft / windows_98se
• Microsoft / windows_me
• Microsoft / windows_xp
• Microsoft / windows_xp
• Microsoft / windows_xp
• Microsoft / windows_xp
• Microsoft / windows_xp
• Microsoft / windows_xp
• Microsoft / windows_xp
• Microsoft / windows_xp
• Microsoft / windows_xp
• Microsoft / windows_xp
• nortel / ip_softphone_2050
• nortel / mobile_voice_client_2050
• nortel / optivity_telephony_manager
• nortel / symposium_web_centre_portal
• nortel / symposium_web_client

References

• MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7721
• MISChttp://www.securityfocus.com/bid/10973
• MAILING_LISThttp://marc.info/?l=bugtraq&m=109336221826652&w=2
• MISChttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038
• MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6272
• MAILING_LISThttp://seclists.org/lists/fulldisclosure/2004/Aug/0868.html
• MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2073
• MAILING_LISThttp://marc.info/?l=bugtraq&m=109303291513335&w=2
• MISChttp://www.us-cert.gov/cas/techalerts/TA04-293A.html
• MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4152
• MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3773
• MISChttp://www.kb.cert.org/vuls/id/526089
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/17044
• MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1563