1. CVE-Search
  2. CVE-2004-0841
ID CVE-2004-0841
Summary Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*
  • cpe:2.3:a:avaya:ip600_media_servers:*:*:*:*:*:*:*:*
    cpe:2.3:a:avaya:ip600_media_servers:*:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*
  • cpe:2.3:h:avaya:s3400:*:*:*:*:*:*:*:*
    cpe:2.3:h:avaya:s3400:*:*:*:*:*:*:*:*
  • cpe:2.3:h:avaya:s8100:*:*:*:*:*:*:*:*
    cpe:2.3:h:avaya:s8100:*:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*
  • cpe:2.3:h:avaya:definity_one_media_server:*:*:*:*:*:*:*:*
    cpe:2.3:h:avaya:definity_one_media_server:*:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*
  • cpe:2.3:o:avaya:modular_messaging_message_storage_server:1.1:*:*:*:*:*:*:*
    cpe:2.3:o:avaya:modular_messaging_message_storage_server:1.1:*:*:*:*:*:*:*
  • cpe:2.3:o:avaya:modular_messaging_message_storage_server:2.0:*:*:*:*:*:*:*
    cpe:2.3:o:avaya:modular_messaging_message_storage_server:2.0:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 23-07-2021 - 12:55)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
oval via4
  • accepted 2014-02-24T04:03:13.349-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name John Hoyland
      organization Centennial Software
    • name Maria Mikhno
      organization ALTX-SOFT
    description Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."
    family windows
    id oval:org.mitre.oval:def:2611
    status accepted
    submitted 2004-10-25T04:00:00.000-04:00
    title IE v6.0 HijackClick 3 / Script in Image Tag File Download Vulnerability
    version 68
  • accepted 2014-02-24T04:03:18.632-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."
    family windows
    id oval:org.mitre.oval:def:4363
    status accepted
    submitted 2005-01-18T12:00:00.000-04:00
    title IE v5.01, SP3 HijackClick 3 / Script in Image Tag File Download Vulnerability
    version 67
  • accepted 2014-02-24T04:03:23.531-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."
    family windows
    id oval:org.mitre.oval:def:5620
    status accepted
    submitted 2005-01-18T12:00:00.000-04:00
    title IE v6.0 for 2003, SP3 HijackClick 3 / Script in Image Tag File Download Vulnerability
    version 68
  • accepted 2014-02-24T04:03:24.130-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Maria Mikhno
      organization ALTX-SOFT
    description Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."
    family windows
    id oval:org.mitre.oval:def:6031
    status accepted
    submitted 2004-10-25T07:54:00.000-04:00
    title IE v5.5, SP2 HijackClick 3 / Script in Image Tag File Download Vulnerability
    version 67
  • accepted 2014-02-24T04:03:24.192-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."
    family windows
    id oval:org.mitre.oval:def:6048
    status accepted
    submitted 2005-01-18T12:00:00.000-04:00
    title IE v5.01, SP4 HijackClick 3 / Script in Image Tag File Download Vulnerability
    version 67
  • accepted 2014-02-24T04:03:27.894-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."
    family windows
    id oval:org.mitre.oval:def:8077
    status accepted
    submitted 2005-01-18T12:00:00.000-04:00
    title IE v6.0, SP1 HijackClick 3 / Script in Image Tag File Download Vulnerability
    version 68
refmap via4
bid 10690
bugtraq
  • 20040711 HijackClick 3
  • 20040712 Re: HijackClick 3
cert TA04-293A
cert-vn VU#413886
fulldisc 20040712 Brand New Hole: Internet Explorer: HijackClick 3
osvdb 7774
sectrack 1010679
secunia 12048
xf ie-popupshow-perform-actions(16675)
Last major update 23-07-2021 - 12:55
Published 23-12-2004 - 05:00
Last modified 23-07-2021 - 12:55
Back to Top