CWE
NVD-CWE-Other
Advisory Published
CVE Published
Updated

CVE-2004-0839

First published: Wed Aug 18 2004(Updated: )

Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Avaya DEFINITY ONE Media Server
Microsoft Internet Explorer=6.0-sp1
Avaya S8100
Avaya IP600 Media Servers
Microsoft Internet Explorer=6.0-sp2
Avaya S3400
Internet Explorer=5.5-sp2
Internet Explorer=5.0.1
Internet Explorer=5.0.1-sp2
Internet Explorer=5.0.1-sp3
Internet Explorer=5.0.1-sp4
Internet Explorer=5.0.1-sp1
Internet Explorer=5.5
Internet Explorer=5.5-sp1
Internet Explorer=6.0
Microsoft Windows XP=sp1
Nortel Optivity Telephony Manager
Microsoft Windows Server 2003=web
Microsoft Windows Server 2003=enterprise
Microsoft Windows Server 2003=enterprise_64-bit
Microsoft Windows XP=gold
Microsoft Windows 2000
Microsoft Windows XP
Avaya Modular Messaging Message Storage Server=2.0
Microsoft Windows 2000=sp4
Microsoft Windows XP=sp2
Microsoft Windows XP
Microsoft Windows XP=sp1
Microsoft Windows 98
Microsoft Windows 2000=sp2
Nortel Symposium Web Client
Microsoft Windows Server 2003=r2
Microsoft Windows 2000=sp1
Nortel IP Softphone 2050
Microsoft Windows XP=sp2
Microsoft Windows XP
Microsoft Windows
Nortel Symposium Web Centre Portal
Microsoft Windows XP=sp1
Microsoft Windows Server 2003=standard
Microsoft Windows XP=sp2
Avaya Modular Messaging Message Storage Server=1.1
Microsoft Windows 9x=gold
Nortel Mobile Voice Client 2050
Microsoft Windows Server 2003=r2
Microsoft Windows 2000=sp3

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is the severity of CVE-2004-0839?

    CVE-2004-0839 is considered a high severity vulnerability due to its potential to allow remote code execution.

  • How do I fix CVE-2004-0839?

    To fix CVE-2004-0839, users should apply the latest security updates and patches from Microsoft.

  • Which software is affected by CVE-2004-0839?

    CVE-2004-0839 affects multiple versions of Microsoft Internet Explorer, Windows XP, and various Avaya devices.

  • Can CVE-2004-0839 compromise my system security?

    Yes, CVE-2004-0839 can compromise system security by allowing attackers to install arbitrary programs on an affected system.

  • What techniques do attackers use in CVE-2004-0839?

    Attackers exploit CVE-2004-0839 using a web page that manipulates certain styles and behaviors to drop malicious programs.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203