Oval Definition:oval:org.mitre.oval:def:7721
Revision Date:2014-02-24Version:45
Title:IE v6.0 Drag-and-Drop Code Execution Vulnerability
Description:Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2004-0839
Platform(s):Microsoft Windows XP
Product(s):Microsoft Internet Explorer
Definition Synopsis
  • Software section
  • the version of mshtml.dll is less than 6.0.2745.2800
  • AND NOT the patch kb834707 is installed (Installed Components key)
  • AND Internet Explorer 6 is installed
  • AND Configuration section
  • ActiveX controls and active scripting are enabled
  • current user settings are being used and ActiveX controls and active scripting are enabled
  • NOT use machine settings rather than individual user settings
  • AND ActiveX controls are enabled for the current user
  • AND active scripting is enabled for the current user
  • OR local machine settings are being used and ActiveX controls and active scripting are enabled
  • use machine settings rather than individual user settings
  • AND ActiveX controls are enabled for the local machine
  • AND active scripting is enabled for the local machine
    • BACK