CVE-2004-0841

Severity

50%

Complexity

99%

Confidentiality

48%

Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."

Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N).

Overview

First reported 20 years ago

2004-12-23 05:00:00

Last updated 6 years ago

2018-10-12 21:35:00

Affected Software

Avaya IP600 Media Servers

Microsoft Internet Explorer 5.0.1

5.0.1

Microsoft Internet Explorer 5.0.1 SP1

5.0.1

Microsoft Internet Explorer 5.0.1 SP2

5.0.1

Microsoft Internet Explorer 5.0.1 SP3

5.0.1

Microsoft Internet Explorer 5.0.1 Service Pack 4

5.0.1

Microsoft ie 5.5

5.5

Microsoft Internet Explorer 5.5 SP1

5.5

Microsoft Internet Explorer 5.5 SP2

5.5

Microsoft Internet Explorer 6.0

6.0

Avaya DefinityOne Media Server

Avaya S3400

Avaya S8100

References

20040712 Brand New Hole: Internet Explorer: HijackClick 3

12048

1010679

VU#413886

US Government Resource

7774

20040711 HijackClick 3

Exploit, Patch, Vendor Advisory

20040712 Re: HijackClick 3

10690

Exploit, Patch, Vendor Advisory

TA04-293A

US Government Resource

MS04-038

ie-popupshow-perform-actions(16675)

oval:org.mitre.oval:def:2611

oval:org.mitre.oval:def:4363

oval:org.mitre.oval:def:5620

oval:org.mitre.oval:def:6031

oval:org.mitre.oval:def:6048

oval:org.mitre.oval:def:8077

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.