VDB
CVE-2004-0839
CVE-2004-0839
PUBLISHED
CVSS 5 MEDIUM
Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".
EPSS 45.91% · 97.7th percentile
Risk Scores
CVSS 2.0
5
EPSS Score
45.91%
97.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| avaya | s3400 | |
| nortel | optivity_telephony_manager | |
| nortel | ip_softphone_2050 | |
| avaya | definity_one_media_server | |
| nortel | mobile_voice_client_2050 | |
| microsoft | ie | 6.0, 6.0, 6.0 |
| n/a | n/a | *, n/a |
| microsoft | windows_2003_server | enterprise_64-bit, enterprise, enterprise_64-bit |
| microsoft | windows_98se | |
| microsoft | windows_xp | |
| microsoft | windows_me | |
| avaya | s8100 | |
| nortel | symposium_web_centre_portal | |
| avaya | ip600_media_servers | |
| avaya | modular_messaging_message_storage_server | 1.1, 1.1, 1.1 |
| nortel | symposium_web_client | |
| microsoft | internet_explorer | 5.0.1, 5.0.1, 5.5 |
| microsoft | windows_98 | |
| microsoft | windows_2000 |
Timeline
- Aug 18, 2004 CVE Published
- Nov 9, 2004 VulnCheck KEV Exploitation
- Feb 4, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
- Oct 30, 2023 EPSS Score
References
- http://www.securityfocus.com/bid/10973 exploit
- http://www.kb.cert.org/vuls/id/526089 patch
- oval:org.mitre.oval:def:7721 vdb
- 20040824 What A Drag! -revisited- mailing-list
- MS04-038 vendor-advisory
- oval:org.mitre.oval:def:6272 vdb
- 20040818 What A Drag II XP SP2 mailing-list
- oval:org.mitre.oval:def:2073 vdb
- 20040818 What A Drag II XP SP2 mailing-list
- TA04-293A third-party-advisory
- oval:org.mitre.oval:def:4152 vdb
- oval:org.mitre.oval:def:3773 vdb
- ie-dragdrop-code-execution(17044) vdb
- oval:org.mitre.oval:def:1563 vdb
- https://nvd.nist.gov/vuln/detail/CVE-2004-0839 advisory