CVE-2004-0841

Description

Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."

Affected products

• Avaya / definity_one_media_server
• Avaya / ip600_media_servers
• Avaya / modular_messaging_message_storage_server2.0 – 2.0
• Avaya / modular_messaging_message_storage_server1.1 – 1.1
• Avaya / s3400
• Avaya / s8100
• Microsoft / ie6.0 – 6.0
• Microsoft / internet_explorer5.5 – 5.5
• Microsoft / internet_explorer5.5 – 5.5
• Microsoft / internet_explorer5.5 – 5.5
• Microsoft / internet_explorer6.0 – 6.0
• Microsoft / internet_explorer5.0.1 – 5.0.1
• Microsoft / internet_explorer5.0.1 – 5.0.1
• Microsoft / internet_explorer5.0.1 – 5.0.1
• Microsoft / internet_explorer5.0.1 – 5.0.1
• Microsoft / internet_explorer5.0.1 – 5.0.1

References

• MISChttp://www.kb.cert.org/vuls/id/413886
• MISChttp://securitytracker.com/id?1010679
• MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2611
• MISChttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038
• MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8077
• VENDOR_ADVISORYhttp://secunia.com/advisories/12048
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/16675
• MISChttp://www.us-cert.gov/cas/techalerts/TA04-293A.html
• MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4363
• MISChttp://www.securityfocus.com/bid/10690
• MISChttp://www.osvdb.org/7774
• MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5620
• MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6031
• MISChttp://www.securityfocus.com/archive/1/368652
• MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6048
• MISChttp://www.securityfocus.com/archive/1/368666
• MISChttp://archives.neohapsis.com/archives/fulldisclosure/2004-07/0498.html