PT-2004-1901 · Microsoft · Windows Xp+1

Http-Equiv

Published

2004-08-18

Updated

2021-07-23

CVE-2004-0839

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Internet Explorer versions 5.01 through 5.5 Internet Explorer in Windows XP SP2

Description: The issue allows remote attackers to install arbitrary programs via a web page that utilizes certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder.

Recommendations: For Internet Explorer versions 5.01 through 5.5, consider disabling the drag-and-drop capability and AnchorClick behavior as a temporary workaround until a patch is available. For Internet Explorer in Windows XP SP2, restrict access to the local startup folder to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-0839

Affected Products

Internet Explorer

Windows Xp

PT-2004-1901 · Microsoft · Windows Xp+1

CVE-2004-0839

Related Identifiers

Affected Products

References · 15