CVE-2004-0841

Microsoft Internet Explorer 5.0.1 - Popup.show Mouse Event Hijacking

Severity Score

8.1

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."

Internet Explorer 6.x permite a atacantes remotos instalar programas de su elección mediante eventos mousedown que llaman al método Popup.show y usan acciones "arrastrar y soltar" en una ventana emergente, también conocida como "HijackClick 3" y la "Vulnerabilidad de descarga de fichero con scritp en etiqueta de imagen"

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2004-07-12 First Exploit
2004-09-08 CVE Reserved
2004-09-14 CVE Published
2024-08-08 CVE Updated
2024-12-17 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CAPEC

References (18)

URL	Tag	Source
http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0498.html	Mailing List
http://secunia.com/advisories/12048	Third Party Advisory
http://securitytracker.com/id?1010679	Vdb Entry
http://www.kb.cert.org/vuls/id/413886	Third Party Advisory
http://www.osvdb.org/7774	Vdb Entry
http://www.securityfocus.com/archive/1/368666	Mailing List
http://www.us-cert.gov/cas/techalerts/TA04-293A.html	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/16675	Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2611	Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4363	Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5620	Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6031	Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6048	Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8077	Signature

URL	Date	SRC
https://www.exploit-db.com/exploits/24266	2004-07-12
http://www.securityfocus.com/archive/1/368652	2024-08-08
http://www.securityfocus.com/bid/10690	2024-08-08

URL	Date	SRC

URL	Date	SRC
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038	2021-07-23

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Avaya Search vendor "Avaya"		Ip600 Media Servers Search vendor "Avaya" for product "Ip600 Media Servers"				*		-		Affected
Microsoft Search vendor "Microsoft"		Ie Search vendor "Microsoft" for product "Ie"				6.0 Search vendor "Microsoft" for product "Ie" and version "6.0"		sp1		Affected
Microsoft Search vendor "Microsoft"		Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"				5.0.1 Search vendor "Microsoft" for product "Internet Explorer" and version "5.0.1"		-		Affected
Microsoft Search vendor "Microsoft"		Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"				5.0.1 Search vendor "Microsoft" for product "Internet Explorer" and version "5.0.1"		sp1		Affected
Microsoft Search vendor "Microsoft"		Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"				5.0.1 Search vendor "Microsoft" for product "Internet Explorer" and version "5.0.1"		sp2		Affected
Microsoft Search vendor "Microsoft"		Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"				5.0.1 Search vendor "Microsoft" for product "Internet Explorer" and version "5.0.1"		sp3		Affected
Microsoft Search vendor "Microsoft"		Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"				5.0.1 Search vendor "Microsoft" for product "Internet Explorer" and version "5.0.1"		sp4		Affected
Microsoft Search vendor "Microsoft"		Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"				5.5 Search vendor "Microsoft" for product "Internet Explorer" and version "5.5"		-		Affected
Microsoft Search vendor "Microsoft"		Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"				5.5 Search vendor "Microsoft" for product "Internet Explorer" and version "5.5"		sp1		Affected
Microsoft Search vendor "Microsoft"		Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"				5.5 Search vendor "Microsoft" for product "Internet Explorer" and version "5.5"		sp2		Affected
Microsoft Search vendor "Microsoft"		Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"				6.0 Search vendor "Microsoft" for product "Internet Explorer" and version "6.0"		-		Affected
Avaya Search vendor "Avaya"		Definity One Media Server Search vendor "Avaya" for product "Definity One Media Server"				*		-		Affected
Avaya Search vendor "Avaya"		S3400 Search vendor "Avaya" for product "S3400"				*		-		Affected
Avaya Search vendor "Avaya"		S8100 Search vendor "Avaya" for product "S8100"				*		-		Affected
Avaya Search vendor "Avaya"		Modular Messaging Message Storage Server Search vendor "Avaya" for product "Modular Messaging Message Storage Server"				1.1 Search vendor "Avaya" for product "Modular Messaging Message Storage Server" and version "1.1"		-		Affected
Avaya Search vendor "Avaya"		Modular Messaging Message Storage Server Search vendor "Avaya" for product "Modular Messaging Message Storage Server"				2.0 Search vendor "Avaya" for product "Modular Messaging Message Storage Server" and version "2.0"		-		Affected