First published: Wed Aug 18 2004(Updated: )
Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Avaya DEFINITY ONE Media Server | ||
Microsoft Internet Explorer | =6.0-sp1 | |
Avaya S8100 | ||
Avaya IP600 Media Servers | ||
Microsoft Internet Explorer | =6.0-sp2 | |
Avaya S3400 | ||
Internet Explorer | =5.5-sp2 | |
Internet Explorer | =5.0.1 | |
Internet Explorer | =5.0.1-sp2 | |
Internet Explorer | =5.0.1-sp3 | |
Internet Explorer | =5.0.1-sp4 | |
Internet Explorer | =5.0.1-sp1 | |
Internet Explorer | =5.5 | |
Internet Explorer | =5.5-sp1 | |
Internet Explorer | =6.0 | |
Microsoft Windows XP | =sp1 | |
Nortel Optivity Telephony Manager | ||
Microsoft Windows Server 2003 | =web | |
Microsoft Windows Server 2003 | =enterprise | |
Microsoft Windows Server 2003 | =enterprise_64-bit | |
Microsoft Windows XP | =gold | |
Microsoft Windows 2000 | ||
Microsoft Windows XP | ||
Avaya Modular Messaging Message Storage Server | =2.0 | |
Microsoft Windows 2000 | =sp4 | |
Microsoft Windows XP | =sp2 | |
Microsoft Windows XP | ||
Microsoft Windows XP | =sp1 | |
Microsoft Windows 98 | ||
Microsoft Windows 2000 | =sp2 | |
Nortel Symposium Web Client | ||
Microsoft Windows Server 2003 | =r2 | |
Microsoft Windows 2000 | =sp1 | |
Nortel IP Softphone 2050 | ||
Microsoft Windows XP | =sp2 | |
Microsoft Windows XP | ||
Microsoft Windows | ||
Nortel Symposium Web Centre Portal | ||
Microsoft Windows XP | =sp1 | |
Microsoft Windows Server 2003 | =standard | |
Microsoft Windows XP | =sp2 | |
Avaya Modular Messaging Message Storage Server | =1.1 | |
Microsoft Windows 9x | =gold | |
Nortel Mobile Voice Client 2050 | ||
Microsoft Windows Server 2003 | =r2 | |
Microsoft Windows 2000 | =sp3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2004-0839 is considered a high severity vulnerability due to its potential to allow remote code execution.
To fix CVE-2004-0839, users should apply the latest security updates and patches from Microsoft.
CVE-2004-0839 affects multiple versions of Microsoft Internet Explorer, Windows XP, and various Avaya devices.
Yes, CVE-2004-0839 can compromise system security by allowing attackers to install arbitrary programs on an affected system.
Attackers exploit CVE-2004-0839 using a web page that manipulates certain styles and behaviors to drop malicious programs.