5

CVE-2004-0839

Exploit
Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftIe Version6.0 Updatesp1
MicrosoftIe Version6.0 Updatesp2
MicrosoftInternet Explorer Version5.0.1
MicrosoftInternet Explorer Version5.0.1 Updatesp1
MicrosoftInternet Explorer Version5.0.1 Updatesp2
MicrosoftInternet Explorer Version5.0.1 Updatesp3
MicrosoftInternet Explorer Version5.0.1 Updatesp4
MicrosoftInternet Explorer Version5.5
MicrosoftInternet Explorer Version5.5 Updatesp1
MicrosoftInternet Explorer Version5.5 Updatesp2
MicrosoftInternet Explorer Version6.0
AvayaS3400
AvayaS8100
MicrosoftWindows 2000 Updatesp1
MicrosoftWindows 2000 Updatesp2
MicrosoftWindows 2000 Updatesp3
MicrosoftWindows 2000 Updatesp4
MicrosoftWindows 2003 Server Versionenterprise Edition64-bit
MicrosoftWindows 2003 Server Versionenterprise_64-bit
MicrosoftWindows 2003 Server Versionr2 Edition64-bit
MicrosoftWindows 2003 Server Versionr2 Editiondatacenter_64-bit
MicrosoftWindows 2003 Server Versionstandard Edition64-bit
MicrosoftWindows 98 Updategold
MicrosoftWindows Xp Edition64-bit
MicrosoftWindows Xp Editionhome
MicrosoftWindows Xp Editionmedia_center
MicrosoftWindows Xp Updategold Editionprofessional
MicrosoftWindows Xp Updatesp1 Edition64-bit
MicrosoftWindows Xp Updatesp1 Editionhome
MicrosoftWindows Xp Updatesp1 Editionmedia_center
MicrosoftWindows Xp Updatesp2 Editionhome
MicrosoftWindows Xp Updatesp2 Editionmedia_center
MicrosoftWindows Xp Updatesp2 Editiontablet_pc
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 33.08% 0.981
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.us-cert.gov/cas/techalerts/TA04-293A.html
Patch
Third Party Advisory
US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038
http://marc.info/?l=bugtraq&m=109303291513335&w=2
http://marc.info/?l=bugtraq&m=109336221826652&w=2
http://seclists.org/lists/fulldisclosure/2004/Aug/0868.html
Vendor Advisory
http://www.kb.cert.org/vuls/id/526089
Patch
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/10973
Patch
Vendor Advisory
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/17044
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1563
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2073
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3773
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4152
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6272
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7721