Vulnerability Name: CVE-2004-0839 (CCN-17044) Assigned: 2004-08-18 Published: 2004-08-18 Updated: 2021-07-23 Summary: Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html". CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): LowAvailibility (A): None
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): PartialAvailibility (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): PartialAvailibility (A): None
Vulnerability Type: CWE-Other Vulnerability Consequences: Gain Access References: Source: CCNWhat A Drag II XP SP2 Re: [Full-Disclosure] What A Drag II XP SP2 CVE-2004-0839 20040818 What A Drag II XP SP2 20040824 What A Drag! -revisited- 20040818 What A Drag II XP SP2 Microsoft Cumulative Security Update for Internet Explorer (834707) Microsoft Internet Explorer treats arbitrary files as images for drag and drop operations VU#526089 Cumulative Security Update for Internet Explorer (834707) Cumulative Security Update for Internet Explorer (889293) Vulnerability in Windows Shell Could Allow Remote Code Execution (890047) Cumulative Security Update for Internet Explorer (867282) Vulnerability in Windows Shell that Could Allow Remote Code Execution (893086) Cumulative Security Update for Internet Explorer (890923) Cumulative Security Update for Internet Explorer (883939) Cumulative Security Update for Internet Explorer (896727) Vulnerabilities in Windows Shell Could Allow Remote Code Execution (900725) Cumulative Security Update for Internet Explorer (896688) Cumulative Security Update for Internet Explorer (905915) Cumulative Security Update for Internet Explorer (910620) Cumulative Security Update for Internet Explorer (912812) Vulnerability in Windows Explorer Could Allow Remote Code Execution (908531) Cumulative Security Update for Internet Explorer (916281) Cumulative Security Update for Internet Explorer (918899) Vulnerability in Windows Explorer Could Allow Remote Code Execution (921398) Vulnerability in Windows Explorer Could Allow Remote Execution (923191) Cumulative Security Update for Internet Explorer (922760) Cumulative Security Update for Internet Explorer (925454) Vulnerability in Windows Shell Could Allow Elevation of Privilege (928255) Cumulative Security Update for Internet Explorer (928090) Cumulative Security Update for Internet Explorer (931768) Cumulative Security Update for Internet Explorer (933566) Cumulative Security Update for Internet Explorer (937143) Cumulative Security Update for Internet Explorer (939653) Cumulative Security Update for Internet Explorer (942615) Cumulative Security Update for Internet Explorer (944533) Cumulative Security Update for Internet Explorer (947864) Cumulative Security Update for Internet Explorer (950759) Cumulative Security Update for Internet Explorer (953838) Cumulative Security Update for Internet Explorer (956390) 10973 Microsoft Internet Explorer Implicit Drag and Drop File Installation Vulnerability TA04-293A MS04-038 ie-dragdrop-code-execution(17044) ie-dragdrop-code-execution(17044) oval:org.mitre.oval:def:1563 oval:org.mitre.oval:def:2073 oval:org.mitre.oval:def:3773 oval:org.mitre.oval:def:4152 oval:org.mitre.oval:def:6272 oval:org.mitre.oval:def:7721 Vulnerable Configuration: Configuration 1 :cpe:/a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:* OR cpe:/a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:* OR cpe:/a:avaya:ip600_media_servers:*:*:*:*:*:*:*:* OR cpe:/a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:* OR cpe:/a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:* OR cpe:/a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:* OR cpe:/a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:* OR cpe:/a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:* OR cpe:/a:microsoft:ie:6.0:sp1:*:*:*:*:*:* OR cpe:/a:microsoft:ie:6.0:sp2:*:*:*:*:*:* OR cpe:/a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:* OR cpe:/h:avaya:definity_one_media_server:*:*:*:*:*:*:*:* OR cpe:/h:avaya:s8100:*:*:*:*:*:*:*:* OR cpe:/h:avaya:s3400:*:*:*:*:*:*:*:* OR cpe:/a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:* Configuration 2 :cpe:/a:nortel:ip_softphone_2050:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_2000:*:*:*:*:*:*:*:* OR cpe:/a:nortel:mobile_voice_client_2050:*:*:*:*:*:*:*:* OR cpe:/a:nortel:optivity_telephony_manager:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:* OR cpe:/o:microsoft:windows_98se:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_me:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:* OR cpe:/o:microsoft:windows_xp:*:sp2:home:*:*:*:*:* OR cpe:/a:nortel:symposium_web_centre_portal:*:*:*:*:*:*:*:* OR cpe:/a:nortel:symposium_web_client:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_xp:*:sp1:home:*:*:*:*:* OR cpe:/o:microsoft:windows_2003_server:web:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_xp:*:gold:professional:*:*:*:*:* OR cpe:/o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:* OR cpe:/o:avaya:modular_messaging_message_storage_server:2.0:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_2000:*:sp4:*:*:*:*:*:* OR cpe:/o:microsoft:windows_xp:*:*:media_center:*:*:*:*:* OR cpe:/o:microsoft:windows_2000:*:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:* OR cpe:/o:microsoft:windows_2000:*:sp1:*:*:*:*:*:* OR cpe:/o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:* OR cpe:/o:microsoft:windows_xp:*:*:home:*:*:*:*:* OR cpe:/o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:* OR cpe:/o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:* OR cpe:/o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:* OR cpe:/o:avaya:modular_messaging_message_storage_server:1.1:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_98:*:gold:*:*:*:*:*:* OR cpe:/o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:* OR cpe:/o:microsoft:windows_2000:*:sp3:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:* OR cpe:/a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:* OR cpe:/a:microsoft:ie:6.0:sp1:*:*:*:*:*:* OR cpe:/a:microsoft:internet_explorer:5.01:sp3:*:*:*:*:*:* OR cpe:/a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:* OR cpe:/o:microsoft:windows_xp:-:sp1:*:*:*:*:x64:* AND cpe:/o:microsoft:windows_2000:-:sp3:*:*:*:*:*:* OR cpe:/o:microsoft:windows_xp:-:sp1:*:*:*:*:*:* OR cpe:/o:microsoft:windows_2000:-:sp4:*:*:*:*:*:* OR cpe:/o:microsoft:windows_nt:4.0:sp6a:*:*:server:*:x86:* OR cpe:/o:microsoft:windows:2003_server::x64:*:*:*:*:* OR cpe:/o:microsoft:windows_2003_server:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_nt:4.0:sp6:*:*:terminal_server:*:x86:* OR cpe:/o:microsoft:windows:xp:sp2:*:*:*:*:*:* Oval Definitions BACK
microsoft internet explorer 5.5
microsoft internet explorer 5.5 sp1
avaya ip600 media servers *
microsoft internet explorer 5.0.1
microsoft internet explorer 5.5 sp2
microsoft internet explorer 6.0
microsoft internet explorer 5.0.1 sp1
microsoft internet explorer 5.0.1 sp2
microsoft ie 6.0 sp1
microsoft ie 6.0 sp2
microsoft internet explorer 5.0.1 sp3
avaya definity one media server *
avaya s8100 *
avaya s3400 *
microsoft internet explorer 5.0.1 sp4
nortel ip softphone 2050 *
microsoft windows 2000 *
nortel mobile voice client 2050 *
nortel optivity telephony manager *
microsoft windows 2003 server enterprise
microsoft windows 98se *
microsoft windows me *
microsoft windows xp * sp1
microsoft windows xp * sp2
nortel symposium web centre portal *
nortel symposium web client *
microsoft windows xp * sp1
microsoft windows 2003 server web
microsoft windows 2003 server enterprise_64-bit
microsoft windows xp * gold
microsoft windows xp *
avaya modular messaging message storage server 2.0
microsoft windows 2000 * sp4
microsoft windows xp *
microsoft windows 2000 * sp2
microsoft windows 2003 server r2
microsoft windows 2000 * sp1
microsoft windows xp * sp2
microsoft windows xp *
microsoft windows xp * sp1
microsoft windows 2003 server standard
microsoft windows xp * sp2
avaya modular messaging message storage server 1.1
microsoft windows 98 * gold
microsoft windows 2003 server r2
microsoft windows 2000 * sp3
microsoft ie 6.0
microsoft ie 5.5 sp2
microsoft ie 6.0 sp1
microsoft ie 5.01 sp3
microsoft ie 5.01 sp4
microsoft windows xp - sp1
microsoft windows 2000 - sp3
microsoft windows xp - sp1
microsoft windows 2000 - sp4
microsoft windows nt 4.0 sp6a
microsoft windows 2003_server
microsoft windows 2003 server *
microsoft windows nt 4.0 sp6
microsoft windows xp sp2
Denotes that component is vulnerable