Vulnerability Name:

CVE-2004-0979 (CCN-17820)

Assigned:2004-10-12
Published:2004-10-12
Updated:2021-07-23
Summary:Internet Explorer on Windows XP does not properly modify the "Drag and Drop or copy and paste files" setting when the user sets it to "Disable" or "Prompt," which may enable security-sensitive operations that are inconsistent with the user's intended configuration.
CVSS v3 Severity:5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2004-0979

Source: CCN
Type: US-CERT VU#630720
Microsoft Internet Explorer fails to honor Drag and Drop zone security preference

Source: CERT-VN
Type: Third Party Advisory, US Government Resource
VU#630720

Source: CCN
Type: Microsoft Security Bulletin MS04-038
Cumulative Security Update for Internet Explorer (834707)

Source: CCN
Type: Microsoft Security Bulletin MS04-040
Cumulative Security Update for Internet Explorer (889293)

Source: CCN
Type: Microsoft Security Bulletin MS05-014
Cumulative Security Update for Internet Explorer (867282)

Source: CCN
Type: Microsoft Security Bulletin MS05-020
Cumulative Security Update for Internet Explorer (890923)

Source: CCN
Type: Microsoft Security Bulletin MS05-025
Cumulative Security Update for Internet Explorer (883939)

Source: CCN
Type: Microsoft Security Bulletin MS05-038
Cumulative Security Update for Internet Explorer (896727)

Source: CCN
Type: Microsoft Security Bulletin MS05-052
Cumulative Security Update for Internet Explorer (896688)

Source: CCN
Type: Microsoft Security Bulletin MS05-054
Cumulative Security Update for Internet Explorer (905915)

Source: CCN
Type: Microsoft Security Bulletin MS06-004
Cumulative Security Update for Internet Explorer (910620)

Source: CCN
Type: Microsoft Security Bulletin MS06-013
Cumulative Security Update for Internet Explorer (912812)

Source: CCN
Type: Microsoft Security Bulletin MS06-021
Cumulative Security Update for Internet Explorer (916281)

Source: CCN
Type: Microsoft Security Bulletin MS06-042
Cumulative Security Update for Internet Explorer (918899)

Source: CCN
Type: Microsoft Security Bulletin MS06-067
Cumulative Security Update for Internet Explorer (922760)

Source: CCN
Type: Microsoft Security Bulletin MS06-072
Cumulative Security Update for Internet Explorer (925454)

Source: CCN
Type: Microsoft Security Bulletin MS07-016
Cumulative Security Update for Internet Explorer (928090)

Source: CCN
Type: Microsoft Security Bulletin MS07-027
Cumulative Security Update for Internet Explorer (931768)

Source: CCN
Type: Microsoft Security Bulletin MS07-033
Cumulative Security Update for Internet Explorer (933566)

Source: CCN
Type: Microsoft Security Bulletin MS07-045
Cumulative Security Update for Internet Explorer (937143)

Source: CCN
Type: Microsoft Security Bulletin MS07-057
Cumulative Security Update for Internet Explorer (939653)

Source: CCN
Type: Microsoft Security Bulletin MS07-069
Cumulative Security Update for Internet Explorer (942615)

Source: CCN
Type: Microsoft Security Bulletin MS08-010
Cumulative Security Update for Internet Explorer (944533)

Source: CCN
Type: Microsoft Security Bulletin MS08-024
Cumulative Security Update for Internet Explorer (947864)

Source: CCN
Type: Microsoft Security Bulletin MS08-031
Cumulative Security Update for Internet Explorer (950759)

Source: CCN
Type: Microsoft Security Bulletin MS08-045
Cumulative Security Update for Internet Explorer (953838)

Source: CCN
Type: Microsoft Security Bulletin MS08-058
Cumulative Security Update for Internet Explorer (956390)

Source: CCN
Type: OSVDB ID: 15221
Microsoft IE Drag and Drop Zone Security Preference Bypass

Source: CCN
Type: BID-11466
Microsoft Internet Explorer Valid File Drag and Drop Embedded Code Vulnerability

Source: CERT
Type: US Government Resource
TA04-293A

Source: MS
Type: UNKNOWN
MS04-038

Source: XF
Type: UNKNOWN
ie-dragdrop-security-bypass(17820)

Source: XF
Type: UNKNOWN
ie-dragdrop-security-bypass(17820)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:6.0:sp2:*:*:*:*:*:*

  • Configuration 2:
  • cpe:/o:microsoft:windows_xp:*:*:embedded:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:*:home:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp1:embedded:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    microsoft internet explorer 6.0
    microsoft ie 6.0 sp1
    microsoft ie 6.0 sp2
    microsoft windows xp *
    microsoft windows xp *
    microsoft windows xp * sp2
    microsoft windows xp * sp2
    microsoft windows xp * sp1
    microsoft windows xp * sp1
    microsoft windows xp *
    microsoft windows xp * gold
    microsoft windows xp * sp2
    microsoft windows xp *
    microsoft windows xp * sp1
    microsoft windows xp * sp1
    microsoft ie 6.0