Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-0841

5 documents5 sources
Severity
5.0MEDIUM
EPSS
56.0%
top 1.90%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
Avaya Modular Messaging Message Storage ServerMicrosoft IEMicrosoft Internet Explorer
Timeline
PublishedDec 23
Latest updateApr 29

Description

Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

NVDmicrosoft/internet_explorer5.0.1, 5.5, 6.0+2
NVDmicrosoft/ie6.0

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

3
GHSA
GHSA-fgjq-p2q2-66cx: Internet Explorer 62022-04-29
CVEList
CVE-2004-0841: Internet Explorer 62004-09-14
VulnCheck
Microsoft Internet Explorer Popup.show Method Vulnerability2004

💥Exploits & PoCs

1
Exploit-DB
Microsoft Internet Explorer 5.0.1 - Popup.show Mouse Event Hijacking2004-07-12
CVE-2004-0841 (MEDIUM CVSS 5) | Internet Explorer 6.x allows remote | cvebase.io