CVE-2004-0839 - Secunia.com

CVE Reference: CVE-2004-0839
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2004-0839

Description: Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/17044 OVAL http://oval.mitre.org/oval/definitions/data/oval6272.html http://oval.mitre.org/oval/definitions/data/oval2073.html http://oval.mitre.org/oval/definitions/data/oval3773.html http://oval.mitre.org/oval/definitions/data/oval1563.html http://oval.mitre.org/oval/definitions/data/oval4152.html http://oval.mitre.org/oval/definitions/data/oval7721.html MS http://www.microsoft.com/technet/security/bulletin/ms04-038.mspx FULLDISC http://seclists.org/lists/fulldisclosure/2004/Aug/0868.html CERT-VN 526089 CERT http://www.us-cert.gov/cas/techalerts/TA04-293A.html BUGTRAQ http://marc.theaimsgroup.com/?l=bugtraq&m=109336221826652&w=2 http://marc.theaimsgroup.com/?l=bugtraq&m=109303291513335&w=2 BID 10973

Return to the previous page.

Secunia