CVE-2004-0839 : Detail

CVE-2004-0839

69.89%V3
Network
2004-09-14
02h00 +00:00
2018-10-12
17h57 +00:00
Notifications for a CVE
Stay informed of any changes for a specific CVE.
Notifications manage

CVE Descriptions

Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".

CVE Informations

Metrics

Metrics Score Severity CVSS Vector Source
V2 5 AV:N/AC:L/Au:N/C:N/I:P/A:N [email protected]

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

Products Mentioned

Configuraton 0

Avaya>>Ip600_media_servers >> Version *

Microsoft>>Ie >> Version 6.0

    Microsoft>>Ie >> Version 6.0

      Microsoft>>Internet_explorer >> Version 5.0.1

      Microsoft>>Internet_explorer >> Version 5.0.1

      Microsoft>>Internet_explorer >> Version 5.0.1

      Microsoft>>Internet_explorer >> Version 5.0.1

      Microsoft>>Internet_explorer >> Version 5.0.1

      Microsoft>>Internet_explorer >> Version 5.5

      Microsoft>>Internet_explorer >> Version 5.5

      Microsoft>>Internet_explorer >> Version 5.5

      Microsoft>>Internet_explorer >> Version 6.0

      Avaya>>Definity_one_media_server >> Version *

      Avaya>>S3400 >> Version *

      Avaya>>S8100 >> Version *

      Configuraton 0

      Nortel>>Ip_softphone_2050 >> Version *

      Nortel>>Mobile_voice_client_2050 >> Version *

      Nortel>>Optivity_telephony_manager >> Version *

      Nortel>>Symposium_web_centre_portal >> Version *

      Nortel>>Symposium_web_client >> Version *

      Avaya>>Modular_messaging_message_storage_server >> Version 1.1

        Avaya>>Modular_messaging_message_storage_server >> Version 2.0

          Microsoft>>Windows_2000 >> Version *

          Microsoft>>Windows_2000 >> Version *

          Microsoft>>Windows_2000 >> Version *

          Microsoft>>Windows_2000 >> Version *

          Microsoft>>Windows_2000 >> Version *

          Microsoft>>Windows_2003_server >> Version enterprise

            Microsoft>>Windows_2003_server >> Version enterprise_64-bit

              Microsoft>>Windows_2003_server >> Version r2

                Microsoft>>Windows_2003_server >> Version r2

                  Microsoft>>Windows_2003_server >> Version standard

                    Microsoft>>Windows_2003_server >> Version web

                      Microsoft>>Windows_98 >> Version *

                      Microsoft>>Windows_98se >> Version *

                      Microsoft>>Windows_me >> Version *

                      Microsoft>>Windows_xp >> Version *

                        Microsoft>>Windows_xp >> Version *

                        Microsoft>>Windows_xp >> Version *

                        Microsoft>>Windows_xp >> Version *

                        Microsoft>>Windows_xp >> Version *

                          Microsoft>>Windows_xp >> Version *

                          Microsoft>>Windows_xp >> Version *

                          Microsoft>>Windows_xp >> Version *

                          Microsoft>>Windows_xp >> Version *

                          Microsoft>>Windows_xp >> Version *

                          References

                          http://www.securityfocus.com/bid/10973
                          Tags : vdb-entry, x_refsource_BID
                          http://marc.info/?l=bugtraq&m=109336221826652&w=2
                          Tags : mailing-list, x_refsource_BUGTRAQ
                          http://seclists.org/lists/fulldisclosure/2004/Aug/0868.html
                          Tags : mailing-list, x_refsource_FULLDISC
                          http://marc.info/?l=bugtraq&m=109303291513335&w=2
                          Tags : mailing-list, x_refsource_BUGTRAQ
                          http://www.us-cert.gov/cas/techalerts/TA04-293A.html
                          Tags : third-party-advisory, x_refsource_CERT
                          http://www.kb.cert.org/vuls/id/526089
                          Tags : third-party-advisory, x_refsource_CERT-VN