Oval Definition:oval:org.mitre.oval:def:6031
Revision Date:2014-02-24Version:44
Title:IE v5.5, SP2 HijackClick 3 / Script in Image Tag File Download Vulnerability
Description:Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2004-0841
Platform(s):Microsoft Windows 2000
Microsoft Windows ME
Microsoft Windows NT
Product(s):Microsoft Internet Explorer
Definition Synopsis
  • Software section
  • Internet Explorer 5.5 Service Pack 2 is installed
  • AND the version of mshtml.dll is less than 5.50.4945.2800
  • AND NOT the patch kb834707 is installed (Installed Components key)
  • AND Configuration section
  • ActiveX controls and active scripting are enabled
  • current user settings are being used and ActiveX controls and active scripting are enabled
  • NOT use machine settings rather than individual user settings
  • AND ActiveX controls are enabled for the current user
  • AND active scripting is enabled for the current user
  • OR local machine settings are being used and ActiveX controls and active scripting are enabled
  • use machine settings rather than individual user settings
  • AND ActiveX controls are enabled for the local machine
  • AND active scripting is enabled for the local machine
    • BACK