CVE-2004-0839

Name of the Vulnerable Software and Affected Versions: Internet Explorer versions 5.01 through 5.5 Internet Explorer in Windows XP SP2

Description: The issue allows remote attackers to install arbitrary programs via a web page that utilizes certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder.

Recommendations: For Internet Explorer versions 5.01 through 5.5, consider disabling the drag-and-drop capability and AnchorClick behavior as a temporary workaround until a patch is available. For Internet Explorer in Windows XP SP2, restrict access to the local startup folder to minimize the risk of exploitation.