CVE-2004-1686
First published: Wed Sep 15 2004(Updated: )
Internet Explorer 6.0 in Windows XP SP2 allows remote attackers to bypass the Information Bar prompt for ActiveX and Javascript via an XHTML page that contains an Internet Explorer formatted comment between the DOCTYPE tag and the HTML tag, as demonstrated using the DesignScience MathPlayer ActiveX plugin.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Internet Explorer | =6.0-sp2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2004-1686?
CVE-2004-1686 is classified as a moderate severity vulnerability.
How do I fix CVE-2004-1686?
To mitigate CVE-2004-1686, users should upgrade to the latest version of Internet Explorer or apply available security patches.
What type of attacks can exploit CVE-2004-1686?
CVE-2004-1686 can be exploited by remote attackers to bypass security prompts related to ActiveX and Javascript.
Which versions of Internet Explorer are affected by CVE-2004-1686?
CVE-2004-1686 affects Internet Explorer 6.0 running on Windows XP SP2.
Is CVE-2004-1686 still relevant today?
While CVE-2004-1686 may not be widely exploited today due to the age of the software, it highlights long-standing vulnerabilities in legacy systems.
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/microsoft
- canonical/microsoft internet explorer
- version/microsoft internet explorer/6.0-sp2