CVE-2004-0839

medium Microsoft
CVSS v3 Base Score
5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N
EPSS Score
42.0%
Exploitation probability in 30 days
Top 3% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Confidentiality
None
Integrity
P
Availability
None
Published: August 18, 2004 (7939 days ago)
Last Modified: April 16, 2026
Vendor: Microsoft
Source: NVD

Description

Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".

CWE

NVD-CWE-Other

Affected Products

avaya ip600 media serversmicrosoft iemicrosoft internet exploreravaya definity one media serveravaya s3400avaya s8100nortel ip softphone 2050nortel mobile voice client 2050nortel optivity telephony managernortel symposium web centre portal

References

🔗 marc.info 🔗 marc.info 🔗 seclists.org 🔗 www.kb.cert.org 🔗 www.securityfocus.com