CVE-2004-0841

EXPLOITED

Internet Explorer 6.x - RCE

Title source: llm

Description

Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."

Exploits (1)

exploitdb WRITEUP VERIFIED
by Paul · textremotewindows
https://www.exploit-db.com/exploits/24266

References (17)

Scores

EPSS 0.5596
EPSS Percentile 98.1%

Details

VulnCheck KEV 2004-11-09
Status published
Products (10)
avaya/definity_one_media_server
avaya/ip600_media_servers
avaya/modular_messaging_message_storage_server 1.1
avaya/modular_messaging_message_storage_server 2.0
avaya/s3400
avaya/s8100
microsoft/ie 6.0 sp1
microsoft/internet_explorer 5.0.1 (5 CPE variants)
microsoft/internet_explorer 5.5 (3 CPE variants)
microsoft/internet_explorer 6.0
Published Dec 23, 2004
Tracked Since Feb 18, 2026