Back to CVE Browser

CVE-2004-0985

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0820%

EPSS Percentile27.63th

PublishedDec 31, 2004

Last ModifiedApr 16, 2026

Vulnerability Description

Internet Explorer 6.x on Windows XP SP2 allows remote attackers to execute arbitrary code, as demonstrated using a document with a draggable file type such as .xml, .doc, .py, .cdf, .css, .pdf, or .ppt, and using ADODB.Connection and ADODB.recordset to write to a .hta file that is interpreted in the Local Zone by HTML Help.

Affected Platforms (CPE)

📦

Microsoft

Ie

= 6.0

References & Advisories

🔗 http://marc.info/?l=bugtraq&m=109829111200055&w=2

🔗 http://marc.info/?l=bugtraq&m=109830296130857&w=2

🔗 http://marc.info/?l=ntbugtraq&m=109828076802478&w=2

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/17824

🔗 http://marc.info/?l=bugtraq&m=109829111200055&w=2

🔗 http://marc.info/?l=bugtraq&m=109830296130857&w=2

🔗 http://marc.info/?l=ntbugtraq&m=109828076802478&w=2

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/17824

Related Vulnerabilities

CVE-2004-041810.0

serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow ...

CVE-2004-042010.0

The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows ...

CVE-2004-046910.0

Buffer overflow in the ISAKMP functionality for Check Point VPN-1 and FireWall-1 NG products, before VPN-1/FireWall-1 R55 HFA-03, ...

CVE-2004-040110.0

Unknown vulnerability in libtasn1 0.1.x before 0.1.2, and 0.2.x before 0.2.7, related to the DER parsing functions.