Search

Find a vulnerability

Search criteria

    12 vulnerabilities found for s3400 by avaya

    CVE-2007-2374 (GCVE-0-2007-2374)

    Vulnerability from nvd – Published: 2007-04-30 23:00 – Updated: 2024-08-07 13:33
    VLAI
    Summary
    Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2007-03-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:33:28.629Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "35637",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/35637"
              },
              {
                "name": "win-unspecified-code-execution(34444)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34444"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://research.eeye.com/html/advisories/upcoming/20070327.html"
              },
              {
                "name": "23332",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/23332"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-03-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors.  NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "35637",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/35637"
            },
            {
              "name": "win-unspecified-code-execution(34444)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34444"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://research.eeye.com/html/advisories/upcoming/20070327.html"
            },
            {
              "name": "23332",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/23332"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-2374",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors.  NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "35637",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/35637"
                },
                {
                  "name": "win-unspecified-code-execution(34444)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34444"
                },
                {
                  "name": "http://research.eeye.com/html/advisories/upcoming/20070327.html",
                  "refsource": "MISC",
                  "url": "http://research.eeye.com/html/advisories/upcoming/20070327.html"
                },
                {
                  "name": "23332",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/23332"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-2374",
        "datePublished": "2007-04-30T23:00:00.000Z",
        "dateReserved": "2007-04-30T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:33:28.629Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1765 (GCVE-0-2007-1765)

    Vulnerability from nvd – Published: 2007-03-30 00:00 – Updated: 2024-08-07 13:06
    VLAI
    Summary
    Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2007-03-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:06:26.389Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20070330 ANI Zeroday, Third Party Patch",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/464287/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://research.eeye.com/html/alerts/zeroday/20070328.html"
              },
              {
                "name": "20070331 Windows .ANI Stack Overflow Exploit",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/464345/100/0/threaded"
              },
              {
                "name": "ADV-2007-1151",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1151"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://vil.nai.com/vil/content/v_141860.htm"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.avertlabs.com/research/blog/?p=230"
              },
              {
                "name": "23194",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/23194"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.microsoft.com/technet/security/advisory/935423.mspx"
              },
              {
                "name": "1017827",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1017827"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.avertlabs.com/research/blog/?p=233"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-03-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7.  NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20070330 ANI Zeroday, Third Party Patch",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/464287/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://research.eeye.com/html/alerts/zeroday/20070328.html"
            },
            {
              "name": "20070331 Windows .ANI Stack Overflow Exploit",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/464345/100/0/threaded"
            },
            {
              "name": "ADV-2007-1151",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1151"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://vil.nai.com/vil/content/v_141860.htm"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.avertlabs.com/research/blog/?p=230"
            },
            {
              "name": "23194",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/23194"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.microsoft.com/technet/security/advisory/935423.mspx"
            },
            {
              "name": "1017827",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1017827"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.avertlabs.com/research/blog/?p=233"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1765",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7.  NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20070330 ANI Zeroday, Third Party Patch",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/464287/100/0/threaded"
                },
                {
                  "name": "http://research.eeye.com/html/alerts/zeroday/20070328.html",
                  "refsource": "MISC",
                  "url": "http://research.eeye.com/html/alerts/zeroday/20070328.html"
                },
                {
                  "name": "20070331 Windows .ANI Stack Overflow Exploit",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/464345/100/0/threaded"
                },
                {
                  "name": "ADV-2007-1151",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1151"
                },
                {
                  "name": "http://vil.nai.com/vil/content/v_141860.htm",
                  "refsource": "MISC",
                  "url": "http://vil.nai.com/vil/content/v_141860.htm"
                },
                {
                  "name": "http://www.avertlabs.com/research/blog/?p=230",
                  "refsource": "MISC",
                  "url": "http://www.avertlabs.com/research/blog/?p=230"
                },
                {
                  "name": "23194",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/23194"
                },
                {
                  "name": "http://www.microsoft.com/technet/security/advisory/935423.mspx",
                  "refsource": "CONFIRM",
                  "url": "http://www.microsoft.com/technet/security/advisory/935423.mspx"
                },
                {
                  "name": "1017827",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1017827"
                },
                {
                  "name": "http://www.avertlabs.com/research/blog/?p=233",
                  "refsource": "MISC",
                  "url": "http://www.avertlabs.com/research/blog/?p=233"
                },
                {
                  "name": "http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/",
                  "refsource": "MISC",
                  "url": "http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1765",
        "datePublished": "2007-03-30T00:00:00.000Z",
        "dateReserved": "2007-03-29T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:06:26.389Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-1050 (GCVE-0-2004-1050)

    Vulnerability from nvd – Published: 2004-11-18 05:00 – Updated: 2024-08-08 00:38
    VLAI
    Summary
    Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.kb.cert.org/vuls/id/842160 third-party-advisoryx_refsource_CERT-VN
    http://lists.grok.org.uk/pipermail/full-disclosur… mailing-listx_refsource_FULLDISC
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://marc.info/?l=bugtraq&m=109942758911846&w=2 mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/11515 vdb-entryx_refsource_BID
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://lists.grok.org.uk/pipermail/full-disclosur… mailing-listx_refsource_FULLDISC
    http://www.us-cert.gov/cas/techalerts/TA04-315A.html third-party-advisoryx_refsource_CERT
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/12959/ third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/379261 mailing-listx_refsource_BUGTRAQ
    http://www.us-cert.gov/cas/techalerts/TA04-336A.html third-party-advisoryx_refsource_CERT
    Date Public
    2004-10-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:38:59.861Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#842160",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/842160"
              },
              {
                "name": "20041023 python does mangleme (with IE bugs!)",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028009.html"
              },
              {
                "name": "MS04-040",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-040"
              },
              {
                "name": "20041102 MSIE \u003cIFRAME\u003e and \u003cFRAME\u003e tag NAME property bufferoverflow PoC",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=109942758911846\u0026w=2"
              },
              {
                "name": "11515",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/11515"
              },
              {
                "name": "oval:org.mitre.oval:def:1294",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1294"
              },
              {
                "name": "20041025 python does mangleme (with IE bugs!)",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028035.html"
              },
              {
                "name": "TA04-315A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA04-315A.html"
              },
              {
                "name": "ie-iframe-src-name-bo(17889)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17889"
              },
              {
                "name": "12959",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/12959/"
              },
              {
                "name": "20041024 python does mangleme (with IE bugs!)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/379261"
              },
              {
                "name": "TA04-336A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA04-336A.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-10-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka \"the IFRAME vulnerability\" or the \"HTML Elements Vulnerability.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "VU#842160",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/842160"
            },
            {
              "name": "20041023 python does mangleme (with IE bugs!)",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028009.html"
            },
            {
              "name": "MS04-040",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-040"
            },
            {
              "name": "20041102 MSIE \u003cIFRAME\u003e and \u003cFRAME\u003e tag NAME property bufferoverflow PoC",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=109942758911846\u0026w=2"
            },
            {
              "name": "11515",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/11515"
            },
            {
              "name": "oval:org.mitre.oval:def:1294",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1294"
            },
            {
              "name": "20041025 python does mangleme (with IE bugs!)",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028035.html"
            },
            {
              "name": "TA04-315A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA04-315A.html"
            },
            {
              "name": "ie-iframe-src-name-bo(17889)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17889"
            },
            {
              "name": "12959",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/12959/"
            },
            {
              "name": "20041024 python does mangleme (with IE bugs!)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/379261"
            },
            {
              "name": "TA04-336A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA04-336A.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-1050",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka \"the IFRAME vulnerability\" or the \"HTML Elements Vulnerability.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#842160",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/842160"
                },
                {
                  "name": "20041023 python does mangleme (with IE bugs!)",
                  "refsource": "FULLDISC",
                  "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028009.html"
                },
                {
                  "name": "MS04-040",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-040"
                },
                {
                  "name": "20041102 MSIE \u003cIFRAME\u003e and \u003cFRAME\u003e tag NAME property bufferoverflow PoC",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=109942758911846\u0026w=2"
                },
                {
                  "name": "11515",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/11515"
                },
                {
                  "name": "oval:org.mitre.oval:def:1294",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1294"
                },
                {
                  "name": "20041025 python does mangleme (with IE bugs!)",
                  "refsource": "FULLDISC",
                  "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028035.html"
                },
                {
                  "name": "TA04-315A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA04-315A.html"
                },
                {
                  "name": "ie-iframe-src-name-bo(17889)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17889"
                },
                {
                  "name": "12959",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/12959/"
                },
                {
                  "name": "20041024 python does mangleme (with IE bugs!)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/379261"
                },
                {
                  "name": "TA04-336A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA04-336A.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-1050",
        "datePublished": "2004-11-18T05:00:00.000Z",
        "dateReserved": "2004-11-17T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:38:59.861Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-0841 (GCVE-0-2004-0841)

    Vulnerability from nvd – Published: 2004-09-14 04:00 – Updated: 2024-08-08 00:31
    VLAI
    Summary
    Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.kb.cert.org/vuls/id/413886 third-party-advisoryx_refsource_CERT-VN
    http://securitytracker.com/id?1010679 vdb-entryx_refsource_SECTRACK
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://secunia.com/advisories/12048 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.us-cert.gov/cas/techalerts/TA04-293A.html third-party-advisoryx_refsource_CERT
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.securityfocus.com/bid/10690 vdb-entryx_refsource_BID
    http://www.osvdb.org/7774 vdb-entryx_refsource_OSVDB
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.securityfocus.com/archive/1/368652 mailing-listx_refsource_BUGTRAQ
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.securityfocus.com/archive/1/368666 mailing-listx_refsource_BUGTRAQ
    http://archives.neohapsis.com/archives/fulldisclo… mailing-listx_refsource_FULLDISC
    Date Public
    2004-07-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:31:47.829Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#413886",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/413886"
              },
              {
                "name": "1010679",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1010679"
              },
              {
                "name": "oval:org.mitre.oval:def:2611",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2611"
              },
              {
                "name": "MS04-038",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
              },
              {
                "name": "oval:org.mitre.oval:def:8077",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8077"
              },
              {
                "name": "12048",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/12048"
              },
              {
                "name": "ie-popupshow-perform-actions(16675)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16675"
              },
              {
                "name": "TA04-293A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
              },
              {
                "name": "oval:org.mitre.oval:def:4363",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4363"
              },
              {
                "name": "10690",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/10690"
              },
              {
                "name": "7774",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/7774"
              },
              {
                "name": "oval:org.mitre.oval:def:5620",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5620"
              },
              {
                "name": "oval:org.mitre.oval:def:6031",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6031"
              },
              {
                "name": "20040711 HijackClick 3",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/368652"
              },
              {
                "name": "oval:org.mitre.oval:def:6048",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6048"
              },
              {
                "name": "20040712 Re: HijackClick 3",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/368666"
              },
              {
                "name": "20040712 Brand New Hole: Internet Explorer: HijackClick 3",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0498.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-07-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka \"HijackClick 3\" and the \"Script in Image Tag File Download Vulnerability.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "VU#413886",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/413886"
            },
            {
              "name": "1010679",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1010679"
            },
            {
              "name": "oval:org.mitre.oval:def:2611",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2611"
            },
            {
              "name": "MS04-038",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
            },
            {
              "name": "oval:org.mitre.oval:def:8077",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8077"
            },
            {
              "name": "12048",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/12048"
            },
            {
              "name": "ie-popupshow-perform-actions(16675)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16675"
            },
            {
              "name": "TA04-293A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:4363",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4363"
            },
            {
              "name": "10690",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/10690"
            },
            {
              "name": "7774",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/7774"
            },
            {
              "name": "oval:org.mitre.oval:def:5620",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5620"
            },
            {
              "name": "oval:org.mitre.oval:def:6031",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6031"
            },
            {
              "name": "20040711 HijackClick 3",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/368652"
            },
            {
              "name": "oval:org.mitre.oval:def:6048",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6048"
            },
            {
              "name": "20040712 Re: HijackClick 3",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/368666"
            },
            {
              "name": "20040712 Brand New Hole: Internet Explorer: HijackClick 3",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0498.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-0841",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka \"HijackClick 3\" and the \"Script in Image Tag File Download Vulnerability.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#413886",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/413886"
                },
                {
                  "name": "1010679",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1010679"
                },
                {
                  "name": "oval:org.mitre.oval:def:2611",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2611"
                },
                {
                  "name": "MS04-038",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
                },
                {
                  "name": "oval:org.mitre.oval:def:8077",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8077"
                },
                {
                  "name": "12048",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/12048"
                },
                {
                  "name": "ie-popupshow-perform-actions(16675)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16675"
                },
                {
                  "name": "TA04-293A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
                },
                {
                  "name": "oval:org.mitre.oval:def:4363",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4363"
                },
                {
                  "name": "10690",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/10690"
                },
                {
                  "name": "7774",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/7774"
                },
                {
                  "name": "oval:org.mitre.oval:def:5620",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5620"
                },
                {
                  "name": "oval:org.mitre.oval:def:6031",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6031"
                },
                {
                  "name": "20040711 HijackClick 3",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/368652"
                },
                {
                  "name": "oval:org.mitre.oval:def:6048",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6048"
                },
                {
                  "name": "20040712 Re: HijackClick 3",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/368666"
                },
                {
                  "name": "20040712 Brand New Hole: Internet Explorer: HijackClick 3",
                  "refsource": "FULLDISC",
                  "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0498.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-0841",
        "datePublished": "2004-09-14T04:00:00.000Z",
        "dateReserved": "2004-09-08T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:31:47.829Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-0842 (GCVE-0-2004-0842)

    Vulnerability from nvd – Published: 2004-09-14 04:00 – Updated: 2024-08-08 00:31
    VLAI
    Summary
    Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://marc.info/?l=full-disclosure&m=10910291942… mailing-listx_refsource_FULLDISC
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://www.securiteam.com/exploits/5NP042KF5A.html x_refsource_MISC
    http://www.kb.cert.org/vuls/id/291304 third-party-advisoryx_refsource_CERT-VN
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://marc.info/?l=full-disclosure&m=10906045561… mailing-listx_refsource_FULLDISC
    http://www.ecqurity.com/adv/IEstyle.html x_refsource_MISC
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.us-cert.gov/cas/techalerts/TA04-293A.html third-party-advisoryx_refsource_CERT
    http://marc.info/?l=bugtraq&m=109107496214572&w=2 mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/12806 third-party-advisoryx_refsource_SECUNIA
    http://www.ciac.org/ciac/bulletins/p-006.shtml third-party-advisorygovernment-resourcex_refsource_CIAC
    http://www.securityfocus.com/bid/10816 vdb-entryx_refsource_BID
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    Date Public
    2004-07-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:31:47.861Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20040728 Re: Crash IE with 11 bytes ;)",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=full-disclosure\u0026m=109102919426844\u0026w=2"
              },
              {
                "name": "oval:org.mitre.oval:def:4169",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4169"
              },
              {
                "name": "MS04-038",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securiteam.com/exploits/5NP042KF5A.html"
              },
              {
                "name": "VU#291304",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/291304"
              },
              {
                "name": "oval:org.mitre.oval:def:2906",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2906"
              },
              {
                "name": "20040723 Crash IE with 11 bytes ;)",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=full-disclosure\u0026m=109060455614702\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ecqurity.com/adv/IEstyle.html"
              },
              {
                "name": "oval:org.mitre.oval:def:5592",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5592"
              },
              {
                "name": "ie-popupshow-perform-actions(16675)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16675"
              },
              {
                "name": "TA04-293A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
              },
              {
                "name": "20040728 Re: Crash IE with 11 bytes ;)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=109107496214572\u0026w=2"
              },
              {
                "name": "12806",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/12806"
              },
              {
                "name": "P-006",
                "tags": [
                  "third-party-advisory",
                  "government-resource",
                  "x_refsource_CIAC",
                  "x_transferred"
                ],
                "url": "http://www.ciac.org/ciac/bulletins/p-006.shtml"
              },
              {
                "name": "10816",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/10816"
              },
              {
                "name": "oval:org.mitre.oval:def:6579",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6579"
              },
              {
                "name": "oval:org.mitre.oval:def:3372",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3372"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-07-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from \"memory corruption\") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the \"\u003cSTYLE\u003e@;/*\" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the \"CSS Heap Memory Corruption Vulnerability.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20040728 Re: Crash IE with 11 bytes ;)",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://marc.info/?l=full-disclosure\u0026m=109102919426844\u0026w=2"
            },
            {
              "name": "oval:org.mitre.oval:def:4169",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4169"
            },
            {
              "name": "MS04-038",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securiteam.com/exploits/5NP042KF5A.html"
            },
            {
              "name": "VU#291304",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/291304"
            },
            {
              "name": "oval:org.mitre.oval:def:2906",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2906"
            },
            {
              "name": "20040723 Crash IE with 11 bytes ;)",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://marc.info/?l=full-disclosure\u0026m=109060455614702\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ecqurity.com/adv/IEstyle.html"
            },
            {
              "name": "oval:org.mitre.oval:def:5592",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5592"
            },
            {
              "name": "ie-popupshow-perform-actions(16675)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16675"
            },
            {
              "name": "TA04-293A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
            },
            {
              "name": "20040728 Re: Crash IE with 11 bytes ;)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=109107496214572\u0026w=2"
            },
            {
              "name": "12806",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/12806"
            },
            {
              "name": "P-006",
              "tags": [
                "third-party-advisory",
                "government-resource",
                "x_refsource_CIAC"
              ],
              "url": "http://www.ciac.org/ciac/bulletins/p-006.shtml"
            },
            {
              "name": "10816",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/10816"
            },
            {
              "name": "oval:org.mitre.oval:def:6579",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6579"
            },
            {
              "name": "oval:org.mitre.oval:def:3372",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3372"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-0842",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from \"memory corruption\") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the \"\u003cSTYLE\u003e@;/*\" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the \"CSS Heap Memory Corruption Vulnerability.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20040728 Re: Crash IE with 11 bytes ;)",
                  "refsource": "FULLDISC",
                  "url": "http://marc.info/?l=full-disclosure\u0026m=109102919426844\u0026w=2"
                },
                {
                  "name": "oval:org.mitre.oval:def:4169",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4169"
                },
                {
                  "name": "MS04-038",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
                },
                {
                  "name": "http://www.securiteam.com/exploits/5NP042KF5A.html",
                  "refsource": "MISC",
                  "url": "http://www.securiteam.com/exploits/5NP042KF5A.html"
                },
                {
                  "name": "VU#291304",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/291304"
                },
                {
                  "name": "oval:org.mitre.oval:def:2906",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2906"
                },
                {
                  "name": "20040723 Crash IE with 11 bytes ;)",
                  "refsource": "FULLDISC",
                  "url": "http://marc.info/?l=full-disclosure\u0026m=109060455614702\u0026w=2"
                },
                {
                  "name": "http://www.ecqurity.com/adv/IEstyle.html",
                  "refsource": "MISC",
                  "url": "http://www.ecqurity.com/adv/IEstyle.html"
                },
                {
                  "name": "oval:org.mitre.oval:def:5592",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5592"
                },
                {
                  "name": "ie-popupshow-perform-actions(16675)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16675"
                },
                {
                  "name": "TA04-293A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
                },
                {
                  "name": "20040728 Re: Crash IE with 11 bytes ;)",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=109107496214572\u0026w=2"
                },
                {
                  "name": "12806",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/12806"
                },
                {
                  "name": "P-006",
                  "refsource": "CIAC",
                  "url": "http://www.ciac.org/ciac/bulletins/p-006.shtml"
                },
                {
                  "name": "10816",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/10816"
                },
                {
                  "name": "oval:org.mitre.oval:def:6579",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6579"
                },
                {
                  "name": "oval:org.mitre.oval:def:3372",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3372"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-0842",
        "datePublished": "2004-09-14T04:00:00.000Z",
        "dateReserved": "2004-09-08T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:31:47.861Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-0839 (GCVE-0-2004-0839)

    Vulnerability from nvd – Published: 2004-09-14 04:00 – Updated: 2024-08-08 00:31
    VLAI
    Summary
    Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.securityfocus.com/bid/10973 vdb-entryx_refsource_BID
    http://marc.info/?l=bugtraq&m=109336221826652&w=2 mailing-listx_refsource_BUGTRAQ
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://seclists.org/lists/fulldisclosure/2004/Aug… mailing-listx_refsource_FULLDISC
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://marc.info/?l=bugtraq&m=109303291513335&w=2 mailing-listx_refsource_BUGTRAQ
    http://www.us-cert.gov/cas/techalerts/TA04-293A.html third-party-advisoryx_refsource_CERT
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.kb.cert.org/vuls/id/526089 third-party-advisoryx_refsource_CERT-VN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    Date Public
    2004-08-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:31:47.171Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "oval:org.mitre.oval:def:7721",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7721"
              },
              {
                "name": "10973",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/10973"
              },
              {
                "name": "20040824 What A Drag! -revisited-",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=109336221826652\u0026w=2"
              },
              {
                "name": "MS04-038",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
              },
              {
                "name": "oval:org.mitre.oval:def:6272",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6272"
              },
              {
                "name": "20040818 What A Drag II XP SP2",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/lists/fulldisclosure/2004/Aug/0868.html"
              },
              {
                "name": "oval:org.mitre.oval:def:2073",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2073"
              },
              {
                "name": "20040818 What A Drag II XP SP2",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=109303291513335\u0026w=2"
              },
              {
                "name": "TA04-293A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
              },
              {
                "name": "oval:org.mitre.oval:def:4152",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4152"
              },
              {
                "name": "oval:org.mitre.oval:def:3773",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3773"
              },
              {
                "name": "VU#526089",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/526089"
              },
              {
                "name": "ie-dragdrop-code-execution(17044)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17044"
              },
              {
                "name": "oval:org.mitre.oval:def:1563",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1563"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-08-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by \"wottapoop.html\"."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "oval:org.mitre.oval:def:7721",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7721"
            },
            {
              "name": "10973",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/10973"
            },
            {
              "name": "20040824 What A Drag! -revisited-",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=109336221826652\u0026w=2"
            },
            {
              "name": "MS04-038",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
            },
            {
              "name": "oval:org.mitre.oval:def:6272",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6272"
            },
            {
              "name": "20040818 What A Drag II XP SP2",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/lists/fulldisclosure/2004/Aug/0868.html"
            },
            {
              "name": "oval:org.mitre.oval:def:2073",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2073"
            },
            {
              "name": "20040818 What A Drag II XP SP2",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=109303291513335\u0026w=2"
            },
            {
              "name": "TA04-293A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:4152",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4152"
            },
            {
              "name": "oval:org.mitre.oval:def:3773",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3773"
            },
            {
              "name": "VU#526089",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/526089"
            },
            {
              "name": "ie-dragdrop-code-execution(17044)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17044"
            },
            {
              "name": "oval:org.mitre.oval:def:1563",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1563"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-0839",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by \"wottapoop.html\"."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "oval:org.mitre.oval:def:7721",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7721"
                },
                {
                  "name": "10973",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/10973"
                },
                {
                  "name": "20040824 What A Drag! -revisited-",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=109336221826652\u0026w=2"
                },
                {
                  "name": "MS04-038",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
                },
                {
                  "name": "oval:org.mitre.oval:def:6272",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6272"
                },
                {
                  "name": "20040818 What A Drag II XP SP2",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/lists/fulldisclosure/2004/Aug/0868.html"
                },
                {
                  "name": "oval:org.mitre.oval:def:2073",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2073"
                },
                {
                  "name": "20040818 What A Drag II XP SP2",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=109303291513335\u0026w=2"
                },
                {
                  "name": "TA04-293A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
                },
                {
                  "name": "oval:org.mitre.oval:def:4152",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4152"
                },
                {
                  "name": "oval:org.mitre.oval:def:3773",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3773"
                },
                {
                  "name": "VU#526089",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/526089"
                },
                {
                  "name": "ie-dragdrop-code-execution(17044)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17044"
                },
                {
                  "name": "oval:org.mitre.oval:def:1563",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1563"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-0839",
        "datePublished": "2004-09-14T04:00:00.000Z",
        "dateReserved": "2004-09-08T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:31:47.171Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-2374 (GCVE-0-2007-2374)

    Vulnerability from cvelistv5 – Published: 2007-04-30 23:00 – Updated: 2024-08-07 13:33
    VLAI
    Summary
    Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2007-03-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:33:28.629Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "35637",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/35637"
              },
              {
                "name": "win-unspecified-code-execution(34444)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34444"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://research.eeye.com/html/advisories/upcoming/20070327.html"
              },
              {
                "name": "23332",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/23332"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-03-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors.  NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "35637",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/35637"
            },
            {
              "name": "win-unspecified-code-execution(34444)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34444"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://research.eeye.com/html/advisories/upcoming/20070327.html"
            },
            {
              "name": "23332",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/23332"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-2374",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors.  NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "35637",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/35637"
                },
                {
                  "name": "win-unspecified-code-execution(34444)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34444"
                },
                {
                  "name": "http://research.eeye.com/html/advisories/upcoming/20070327.html",
                  "refsource": "MISC",
                  "url": "http://research.eeye.com/html/advisories/upcoming/20070327.html"
                },
                {
                  "name": "23332",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/23332"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-2374",
        "datePublished": "2007-04-30T23:00:00.000Z",
        "dateReserved": "2007-04-30T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:33:28.629Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1765 (GCVE-0-2007-1765)

    Vulnerability from cvelistv5 – Published: 2007-03-30 00:00 – Updated: 2024-08-07 13:06
    VLAI
    Summary
    Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2007-03-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:06:26.389Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20070330 ANI Zeroday, Third Party Patch",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/464287/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://research.eeye.com/html/alerts/zeroday/20070328.html"
              },
              {
                "name": "20070331 Windows .ANI Stack Overflow Exploit",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/464345/100/0/threaded"
              },
              {
                "name": "ADV-2007-1151",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1151"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://vil.nai.com/vil/content/v_141860.htm"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.avertlabs.com/research/blog/?p=230"
              },
              {
                "name": "23194",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/23194"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.microsoft.com/technet/security/advisory/935423.mspx"
              },
              {
                "name": "1017827",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1017827"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.avertlabs.com/research/blog/?p=233"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-03-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7.  NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20070330 ANI Zeroday, Third Party Patch",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/464287/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://research.eeye.com/html/alerts/zeroday/20070328.html"
            },
            {
              "name": "20070331 Windows .ANI Stack Overflow Exploit",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/464345/100/0/threaded"
            },
            {
              "name": "ADV-2007-1151",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1151"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://vil.nai.com/vil/content/v_141860.htm"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.avertlabs.com/research/blog/?p=230"
            },
            {
              "name": "23194",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/23194"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.microsoft.com/technet/security/advisory/935423.mspx"
            },
            {
              "name": "1017827",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1017827"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.avertlabs.com/research/blog/?p=233"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1765",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7.  NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20070330 ANI Zeroday, Third Party Patch",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/464287/100/0/threaded"
                },
                {
                  "name": "http://research.eeye.com/html/alerts/zeroday/20070328.html",
                  "refsource": "MISC",
                  "url": "http://research.eeye.com/html/alerts/zeroday/20070328.html"
                },
                {
                  "name": "20070331 Windows .ANI Stack Overflow Exploit",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/464345/100/0/threaded"
                },
                {
                  "name": "ADV-2007-1151",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1151"
                },
                {
                  "name": "http://vil.nai.com/vil/content/v_141860.htm",
                  "refsource": "MISC",
                  "url": "http://vil.nai.com/vil/content/v_141860.htm"
                },
                {
                  "name": "http://www.avertlabs.com/research/blog/?p=230",
                  "refsource": "MISC",
                  "url": "http://www.avertlabs.com/research/blog/?p=230"
                },
                {
                  "name": "23194",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/23194"
                },
                {
                  "name": "http://www.microsoft.com/technet/security/advisory/935423.mspx",
                  "refsource": "CONFIRM",
                  "url": "http://www.microsoft.com/technet/security/advisory/935423.mspx"
                },
                {
                  "name": "1017827",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1017827"
                },
                {
                  "name": "http://www.avertlabs.com/research/blog/?p=233",
                  "refsource": "MISC",
                  "url": "http://www.avertlabs.com/research/blog/?p=233"
                },
                {
                  "name": "http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/",
                  "refsource": "MISC",
                  "url": "http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1765",
        "datePublished": "2007-03-30T00:00:00.000Z",
        "dateReserved": "2007-03-29T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:06:26.389Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-1050 (GCVE-0-2004-1050)

    Vulnerability from cvelistv5 – Published: 2004-11-18 05:00 – Updated: 2024-08-08 00:38
    VLAI
    Summary
    Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.kb.cert.org/vuls/id/842160 third-party-advisoryx_refsource_CERT-VN
    http://lists.grok.org.uk/pipermail/full-disclosur… mailing-listx_refsource_FULLDISC
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://marc.info/?l=bugtraq&m=109942758911846&w=2 mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/11515 vdb-entryx_refsource_BID
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://lists.grok.org.uk/pipermail/full-disclosur… mailing-listx_refsource_FULLDISC
    http://www.us-cert.gov/cas/techalerts/TA04-315A.html third-party-advisoryx_refsource_CERT
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/12959/ third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/379261 mailing-listx_refsource_BUGTRAQ
    http://www.us-cert.gov/cas/techalerts/TA04-336A.html third-party-advisoryx_refsource_CERT
    Date Public
    2004-10-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:38:59.861Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#842160",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/842160"
              },
              {
                "name": "20041023 python does mangleme (with IE bugs!)",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028009.html"
              },
              {
                "name": "MS04-040",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-040"
              },
              {
                "name": "20041102 MSIE \u003cIFRAME\u003e and \u003cFRAME\u003e tag NAME property bufferoverflow PoC",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=109942758911846\u0026w=2"
              },
              {
                "name": "11515",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/11515"
              },
              {
                "name": "oval:org.mitre.oval:def:1294",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1294"
              },
              {
                "name": "20041025 python does mangleme (with IE bugs!)",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028035.html"
              },
              {
                "name": "TA04-315A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA04-315A.html"
              },
              {
                "name": "ie-iframe-src-name-bo(17889)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17889"
              },
              {
                "name": "12959",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/12959/"
              },
              {
                "name": "20041024 python does mangleme (with IE bugs!)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/379261"
              },
              {
                "name": "TA04-336A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA04-336A.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-10-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka \"the IFRAME vulnerability\" or the \"HTML Elements Vulnerability.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "VU#842160",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/842160"
            },
            {
              "name": "20041023 python does mangleme (with IE bugs!)",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028009.html"
            },
            {
              "name": "MS04-040",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-040"
            },
            {
              "name": "20041102 MSIE \u003cIFRAME\u003e and \u003cFRAME\u003e tag NAME property bufferoverflow PoC",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=109942758911846\u0026w=2"
            },
            {
              "name": "11515",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/11515"
            },
            {
              "name": "oval:org.mitre.oval:def:1294",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1294"
            },
            {
              "name": "20041025 python does mangleme (with IE bugs!)",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028035.html"
            },
            {
              "name": "TA04-315A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA04-315A.html"
            },
            {
              "name": "ie-iframe-src-name-bo(17889)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17889"
            },
            {
              "name": "12959",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/12959/"
            },
            {
              "name": "20041024 python does mangleme (with IE bugs!)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/379261"
            },
            {
              "name": "TA04-336A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA04-336A.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-1050",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka \"the IFRAME vulnerability\" or the \"HTML Elements Vulnerability.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#842160",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/842160"
                },
                {
                  "name": "20041023 python does mangleme (with IE bugs!)",
                  "refsource": "FULLDISC",
                  "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028009.html"
                },
                {
                  "name": "MS04-040",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-040"
                },
                {
                  "name": "20041102 MSIE \u003cIFRAME\u003e and \u003cFRAME\u003e tag NAME property bufferoverflow PoC",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=109942758911846\u0026w=2"
                },
                {
                  "name": "11515",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/11515"
                },
                {
                  "name": "oval:org.mitre.oval:def:1294",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1294"
                },
                {
                  "name": "20041025 python does mangleme (with IE bugs!)",
                  "refsource": "FULLDISC",
                  "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028035.html"
                },
                {
                  "name": "TA04-315A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA04-315A.html"
                },
                {
                  "name": "ie-iframe-src-name-bo(17889)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17889"
                },
                {
                  "name": "12959",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/12959/"
                },
                {
                  "name": "20041024 python does mangleme (with IE bugs!)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/379261"
                },
                {
                  "name": "TA04-336A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA04-336A.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-1050",
        "datePublished": "2004-11-18T05:00:00.000Z",
        "dateReserved": "2004-11-17T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:38:59.861Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-0841 (GCVE-0-2004-0841)

    Vulnerability from cvelistv5 – Published: 2004-09-14 04:00 – Updated: 2024-08-08 00:31
    VLAI
    Summary
    Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.kb.cert.org/vuls/id/413886 third-party-advisoryx_refsource_CERT-VN
    http://securitytracker.com/id?1010679 vdb-entryx_refsource_SECTRACK
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://secunia.com/advisories/12048 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.us-cert.gov/cas/techalerts/TA04-293A.html third-party-advisoryx_refsource_CERT
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.securityfocus.com/bid/10690 vdb-entryx_refsource_BID
    http://www.osvdb.org/7774 vdb-entryx_refsource_OSVDB
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.securityfocus.com/archive/1/368652 mailing-listx_refsource_BUGTRAQ
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.securityfocus.com/archive/1/368666 mailing-listx_refsource_BUGTRAQ
    http://archives.neohapsis.com/archives/fulldisclo… mailing-listx_refsource_FULLDISC
    Date Public
    2004-07-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:31:47.829Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#413886",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/413886"
              },
              {
                "name": "1010679",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1010679"
              },
              {
                "name": "oval:org.mitre.oval:def:2611",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2611"
              },
              {
                "name": "MS04-038",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
              },
              {
                "name": "oval:org.mitre.oval:def:8077",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8077"
              },
              {
                "name": "12048",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/12048"
              },
              {
                "name": "ie-popupshow-perform-actions(16675)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16675"
              },
              {
                "name": "TA04-293A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
              },
              {
                "name": "oval:org.mitre.oval:def:4363",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4363"
              },
              {
                "name": "10690",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/10690"
              },
              {
                "name": "7774",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/7774"
              },
              {
                "name": "oval:org.mitre.oval:def:5620",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5620"
              },
              {
                "name": "oval:org.mitre.oval:def:6031",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6031"
              },
              {
                "name": "20040711 HijackClick 3",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/368652"
              },
              {
                "name": "oval:org.mitre.oval:def:6048",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6048"
              },
              {
                "name": "20040712 Re: HijackClick 3",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/368666"
              },
              {
                "name": "20040712 Brand New Hole: Internet Explorer: HijackClick 3",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0498.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-07-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka \"HijackClick 3\" and the \"Script in Image Tag File Download Vulnerability.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "VU#413886",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/413886"
            },
            {
              "name": "1010679",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1010679"
            },
            {
              "name": "oval:org.mitre.oval:def:2611",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2611"
            },
            {
              "name": "MS04-038",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
            },
            {
              "name": "oval:org.mitre.oval:def:8077",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8077"
            },
            {
              "name": "12048",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/12048"
            },
            {
              "name": "ie-popupshow-perform-actions(16675)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16675"
            },
            {
              "name": "TA04-293A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:4363",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4363"
            },
            {
              "name": "10690",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/10690"
            },
            {
              "name": "7774",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/7774"
            },
            {
              "name": "oval:org.mitre.oval:def:5620",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5620"
            },
            {
              "name": "oval:org.mitre.oval:def:6031",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6031"
            },
            {
              "name": "20040711 HijackClick 3",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/368652"
            },
            {
              "name": "oval:org.mitre.oval:def:6048",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6048"
            },
            {
              "name": "20040712 Re: HijackClick 3",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/368666"
            },
            {
              "name": "20040712 Brand New Hole: Internet Explorer: HijackClick 3",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0498.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-0841",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka \"HijackClick 3\" and the \"Script in Image Tag File Download Vulnerability.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#413886",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/413886"
                },
                {
                  "name": "1010679",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1010679"
                },
                {
                  "name": "oval:org.mitre.oval:def:2611",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2611"
                },
                {
                  "name": "MS04-038",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
                },
                {
                  "name": "oval:org.mitre.oval:def:8077",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8077"
                },
                {
                  "name": "12048",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/12048"
                },
                {
                  "name": "ie-popupshow-perform-actions(16675)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16675"
                },
                {
                  "name": "TA04-293A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
                },
                {
                  "name": "oval:org.mitre.oval:def:4363",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4363"
                },
                {
                  "name": "10690",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/10690"
                },
                {
                  "name": "7774",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/7774"
                },
                {
                  "name": "oval:org.mitre.oval:def:5620",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5620"
                },
                {
                  "name": "oval:org.mitre.oval:def:6031",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6031"
                },
                {
                  "name": "20040711 HijackClick 3",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/368652"
                },
                {
                  "name": "oval:org.mitre.oval:def:6048",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6048"
                },
                {
                  "name": "20040712 Re: HijackClick 3",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/368666"
                },
                {
                  "name": "20040712 Brand New Hole: Internet Explorer: HijackClick 3",
                  "refsource": "FULLDISC",
                  "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0498.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-0841",
        "datePublished": "2004-09-14T04:00:00.000Z",
        "dateReserved": "2004-09-08T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:31:47.829Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-0839 (GCVE-0-2004-0839)

    Vulnerability from cvelistv5 – Published: 2004-09-14 04:00 – Updated: 2024-08-08 00:31
    VLAI
    Summary
    Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.securityfocus.com/bid/10973 vdb-entryx_refsource_BID
    http://marc.info/?l=bugtraq&m=109336221826652&w=2 mailing-listx_refsource_BUGTRAQ
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://seclists.org/lists/fulldisclosure/2004/Aug… mailing-listx_refsource_FULLDISC
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://marc.info/?l=bugtraq&m=109303291513335&w=2 mailing-listx_refsource_BUGTRAQ
    http://www.us-cert.gov/cas/techalerts/TA04-293A.html third-party-advisoryx_refsource_CERT
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.kb.cert.org/vuls/id/526089 third-party-advisoryx_refsource_CERT-VN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    Date Public
    2004-08-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:31:47.171Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "oval:org.mitre.oval:def:7721",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7721"
              },
              {
                "name": "10973",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/10973"
              },
              {
                "name": "20040824 What A Drag! -revisited-",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=109336221826652\u0026w=2"
              },
              {
                "name": "MS04-038",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
              },
              {
                "name": "oval:org.mitre.oval:def:6272",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6272"
              },
              {
                "name": "20040818 What A Drag II XP SP2",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/lists/fulldisclosure/2004/Aug/0868.html"
              },
              {
                "name": "oval:org.mitre.oval:def:2073",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2073"
              },
              {
                "name": "20040818 What A Drag II XP SP2",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=109303291513335\u0026w=2"
              },
              {
                "name": "TA04-293A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
              },
              {
                "name": "oval:org.mitre.oval:def:4152",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4152"
              },
              {
                "name": "oval:org.mitre.oval:def:3773",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3773"
              },
              {
                "name": "VU#526089",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/526089"
              },
              {
                "name": "ie-dragdrop-code-execution(17044)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17044"
              },
              {
                "name": "oval:org.mitre.oval:def:1563",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1563"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-08-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by \"wottapoop.html\"."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "oval:org.mitre.oval:def:7721",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7721"
            },
            {
              "name": "10973",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/10973"
            },
            {
              "name": "20040824 What A Drag! -revisited-",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=109336221826652\u0026w=2"
            },
            {
              "name": "MS04-038",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
            },
            {
              "name": "oval:org.mitre.oval:def:6272",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6272"
            },
            {
              "name": "20040818 What A Drag II XP SP2",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/lists/fulldisclosure/2004/Aug/0868.html"
            },
            {
              "name": "oval:org.mitre.oval:def:2073",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2073"
            },
            {
              "name": "20040818 What A Drag II XP SP2",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=109303291513335\u0026w=2"
            },
            {
              "name": "TA04-293A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:4152",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4152"
            },
            {
              "name": "oval:org.mitre.oval:def:3773",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3773"
            },
            {
              "name": "VU#526089",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/526089"
            },
            {
              "name": "ie-dragdrop-code-execution(17044)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17044"
            },
            {
              "name": "oval:org.mitre.oval:def:1563",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1563"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-0839",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by \"wottapoop.html\"."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "oval:org.mitre.oval:def:7721",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7721"
                },
                {
                  "name": "10973",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/10973"
                },
                {
                  "name": "20040824 What A Drag! -revisited-",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=109336221826652\u0026w=2"
                },
                {
                  "name": "MS04-038",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
                },
                {
                  "name": "oval:org.mitre.oval:def:6272",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6272"
                },
                {
                  "name": "20040818 What A Drag II XP SP2",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/lists/fulldisclosure/2004/Aug/0868.html"
                },
                {
                  "name": "oval:org.mitre.oval:def:2073",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2073"
                },
                {
                  "name": "20040818 What A Drag II XP SP2",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=109303291513335\u0026w=2"
                },
                {
                  "name": "TA04-293A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
                },
                {
                  "name": "oval:org.mitre.oval:def:4152",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4152"
                },
                {
                  "name": "oval:org.mitre.oval:def:3773",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3773"
                },
                {
                  "name": "VU#526089",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/526089"
                },
                {
                  "name": "ie-dragdrop-code-execution(17044)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17044"
                },
                {
                  "name": "oval:org.mitre.oval:def:1563",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1563"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-0839",
        "datePublished": "2004-09-14T04:00:00.000Z",
        "dateReserved": "2004-09-08T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:31:47.171Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-0842 (GCVE-0-2004-0842)

    Vulnerability from cvelistv5 – Published: 2004-09-14 04:00 – Updated: 2024-08-08 00:31
    VLAI
    Summary
    Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://marc.info/?l=full-disclosure&m=10910291942… mailing-listx_refsource_FULLDISC
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://www.securiteam.com/exploits/5NP042KF5A.html x_refsource_MISC
    http://www.kb.cert.org/vuls/id/291304 third-party-advisoryx_refsource_CERT-VN
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://marc.info/?l=full-disclosure&m=10906045561… mailing-listx_refsource_FULLDISC
    http://www.ecqurity.com/adv/IEstyle.html x_refsource_MISC
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.us-cert.gov/cas/techalerts/TA04-293A.html third-party-advisoryx_refsource_CERT
    http://marc.info/?l=bugtraq&m=109107496214572&w=2 mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/12806 third-party-advisoryx_refsource_SECUNIA
    http://www.ciac.org/ciac/bulletins/p-006.shtml third-party-advisorygovernment-resourcex_refsource_CIAC
    http://www.securityfocus.com/bid/10816 vdb-entryx_refsource_BID
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    Date Public
    2004-07-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:31:47.861Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20040728 Re: Crash IE with 11 bytes ;)",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=full-disclosure\u0026m=109102919426844\u0026w=2"
              },
              {
                "name": "oval:org.mitre.oval:def:4169",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4169"
              },
              {
                "name": "MS04-038",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securiteam.com/exploits/5NP042KF5A.html"
              },
              {
                "name": "VU#291304",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/291304"
              },
              {
                "name": "oval:org.mitre.oval:def:2906",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2906"
              },
              {
                "name": "20040723 Crash IE with 11 bytes ;)",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=full-disclosure\u0026m=109060455614702\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ecqurity.com/adv/IEstyle.html"
              },
              {
                "name": "oval:org.mitre.oval:def:5592",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5592"
              },
              {
                "name": "ie-popupshow-perform-actions(16675)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16675"
              },
              {
                "name": "TA04-293A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
              },
              {
                "name": "20040728 Re: Crash IE with 11 bytes ;)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=109107496214572\u0026w=2"
              },
              {
                "name": "12806",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/12806"
              },
              {
                "name": "P-006",
                "tags": [
                  "third-party-advisory",
                  "government-resource",
                  "x_refsource_CIAC",
                  "x_transferred"
                ],
                "url": "http://www.ciac.org/ciac/bulletins/p-006.shtml"
              },
              {
                "name": "10816",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/10816"
              },
              {
                "name": "oval:org.mitre.oval:def:6579",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6579"
              },
              {
                "name": "oval:org.mitre.oval:def:3372",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3372"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-07-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from \"memory corruption\") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the \"\u003cSTYLE\u003e@;/*\" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the \"CSS Heap Memory Corruption Vulnerability.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20040728 Re: Crash IE with 11 bytes ;)",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://marc.info/?l=full-disclosure\u0026m=109102919426844\u0026w=2"
            },
            {
              "name": "oval:org.mitre.oval:def:4169",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4169"
            },
            {
              "name": "MS04-038",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securiteam.com/exploits/5NP042KF5A.html"
            },
            {
              "name": "VU#291304",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/291304"
            },
            {
              "name": "oval:org.mitre.oval:def:2906",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2906"
            },
            {
              "name": "20040723 Crash IE with 11 bytes ;)",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://marc.info/?l=full-disclosure\u0026m=109060455614702\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ecqurity.com/adv/IEstyle.html"
            },
            {
              "name": "oval:org.mitre.oval:def:5592",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5592"
            },
            {
              "name": "ie-popupshow-perform-actions(16675)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16675"
            },
            {
              "name": "TA04-293A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
            },
            {
              "name": "20040728 Re: Crash IE with 11 bytes ;)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=109107496214572\u0026w=2"
            },
            {
              "name": "12806",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/12806"
            },
            {
              "name": "P-006",
              "tags": [
                "third-party-advisory",
                "government-resource",
                "x_refsource_CIAC"
              ],
              "url": "http://www.ciac.org/ciac/bulletins/p-006.shtml"
            },
            {
              "name": "10816",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/10816"
            },
            {
              "name": "oval:org.mitre.oval:def:6579",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6579"
            },
            {
              "name": "oval:org.mitre.oval:def:3372",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3372"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-0842",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from \"memory corruption\") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the \"\u003cSTYLE\u003e@;/*\" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the \"CSS Heap Memory Corruption Vulnerability.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20040728 Re: Crash IE with 11 bytes ;)",
                  "refsource": "FULLDISC",
                  "url": "http://marc.info/?l=full-disclosure\u0026m=109102919426844\u0026w=2"
                },
                {
                  "name": "oval:org.mitre.oval:def:4169",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4169"
                },
                {
                  "name": "MS04-038",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
                },
                {
                  "name": "http://www.securiteam.com/exploits/5NP042KF5A.html",
                  "refsource": "MISC",
                  "url": "http://www.securiteam.com/exploits/5NP042KF5A.html"
                },
                {
                  "name": "VU#291304",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/291304"
                },
                {
                  "name": "oval:org.mitre.oval:def:2906",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2906"
                },
                {
                  "name": "20040723 Crash IE with 11 bytes ;)",
                  "refsource": "FULLDISC",
                  "url": "http://marc.info/?l=full-disclosure\u0026m=109060455614702\u0026w=2"
                },
                {
                  "name": "http://www.ecqurity.com/adv/IEstyle.html",
                  "refsource": "MISC",
                  "url": "http://www.ecqurity.com/adv/IEstyle.html"
                },
                {
                  "name": "oval:org.mitre.oval:def:5592",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5592"
                },
                {
                  "name": "ie-popupshow-perform-actions(16675)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16675"
                },
                {
                  "name": "TA04-293A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
                },
                {
                  "name": "20040728 Re: Crash IE with 11 bytes ;)",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=109107496214572\u0026w=2"
                },
                {
                  "name": "12806",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/12806"
                },
                {
                  "name": "P-006",
                  "refsource": "CIAC",
                  "url": "http://www.ciac.org/ciac/bulletins/p-006.shtml"
                },
                {
                  "name": "10816",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/10816"
                },
                {
                  "name": "oval:org.mitre.oval:def:6579",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6579"
                },
                {
                  "name": "oval:org.mitre.oval:def:3372",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3372"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-0842",
        "datePublished": "2004-09-14T04:00:00.000Z",
        "dateReserved": "2004-09-08T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:31:47.861Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }