CVE-2004-0841

Published: Dec 23, 2004Modified: Apr 16, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."

Affected (16)

Products: Avaya: Definity One Media Server, Ip600 Media Servers, S3400, S8100, Modular Messaging Message Storage Server · Microsoft: Ie, Internet Explorer

5 products

Definity One Media Server

Ip600 Media Servers

Modular Messaging Message Storage Server

2 products

Internet Explorer

Configuration A

14 vulnerable

Vulnerable Software	Affected Versions
Avaya Definity One Media Server	All versions
Avaya Ip600 Media Servers	All versions
Avaya S3400	All versions
Avaya S8100	All versions
Microsoft Ie	Version 6.0 sp1
Microsoft Internet Explorer	Version 5.0.1
Microsoft Internet Explorer	Version 5.0.1 sp1
Microsoft Internet Explorer	Version 5.0.1 sp2
Microsoft Internet Explorer	Version 5.0.1 sp3
Microsoft Internet Explorer	Version 5.0.1 sp4
Microsoft Internet Explorer	Version 5.5
Microsoft Internet Explorer	Version 5.5 sp1
Microsoft Internet Explorer	Version 5.5 sp2
Microsoft Internet Explorer	Version 6.0

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Avaya Modular Messaging Message Storage Server	Version 1.1
Avaya Modular Messaging Message Storage Server	Version 2.0

References (34)

http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0498.html

Source: cve@mitre.org

http://secunia.com/advisories/12048

Source: cve@mitre.org

http://securitytracker.com/id?1010679

Source: cve@mitre.org

http://www.kb.cert.org/vuls/id/413886

Source: cve@mitre.org

US Government Resource

http://www.osvdb.org/7774

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/368652

Source: cve@mitre.org

ExploitPatchVendor Advisory

http://www.securityfocus.com/archive/1/368666

Source: cve@mitre.org

http://www.securityfocus.com/bid/10690

Source: cve@mitre.org

ExploitPatchVendor Advisory

http://www.us-cert.gov/cas/techalerts/TA04-293A.html

Source: cve@mitre.org

US Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/16675

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2611

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4363

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5620

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6031

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6048

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8077

Source: cve@mitre.org

http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0498.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/12048

Source: af854a3a-2127-422b-91ae-364da2661108

http://securitytracker.com/id?1010679

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.kb.cert.org/vuls/id/413886

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.osvdb.org/7774

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/368652

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchVendor Advisory

http://www.securityfocus.com/archive/1/368666

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/10690

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchVendor Advisory

http://www.us-cert.gov/cas/techalerts/TA04-293A.html

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/16675

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2611

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4363

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5620

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6031

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6048

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8077

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.