CVE-2004-0841

Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."

Published: Dec 23, 2004
Updated: Apr 13, 2023
CVE: CVE-2004-0841
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
avaya / definity_one_media_server	-	-
microsoft / ie	6.0-sp1	6.0-sp1.x
avaya / s8100	-	-
avaya / ip600_media_servers	-	-
avaya / s3400	-	-
microsoft / internet_explorer	5.5-sp2	5.5-sp2.x
microsoft / internet_explorer	5.0.1	5.0.1.x
microsoft / internet_explorer	5.0.1-sp2	5.0.1-sp2.x
microsoft / internet_explorer	5.0.1-sp3	5.0.1-sp3.x
microsoft / internet_explorer	5.0.1-sp4	5.0.1-sp4.x
microsoft / internet_explorer	5.0.1-sp1	5.0.1-sp1.x
microsoft / internet_explorer	5.5	5.5.x
microsoft / internet_explorer	5.5-sp1	5.5-sp1.x
microsoft / internet_explorer	6.0	6.0.x
avaya / modular_messaging_message_storage_server	2.0	2.0.x
avaya / modular_messaging_message_storage_server	1.1	1.1.x

Vulnerability Database

289,599

CVE-2004-0841