CVEブラウザに戻る

CVE-2004-0985

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0820%

EPSS Percentile27.63th

Published2004年12月31日

Last Modified2026年4月16日

Vulnerability Description

Internet Explorer 6.x on Windows XP SP2 allows remote attackers to execute arbitrary code, as demonstrated using a document with a draggable file type such as .xml, .doc, .py, .cdf, .css, .pdf, or .ppt, and using ADODB.Connection and ADODB.recordset to write to a .hta file that is interpreted in the Local Zone by HTML Help.

Affected Platforms (CPE)

📦

Microsoft

Ie

= 6.0

References & Advisories

🔗 http://marc.info/?l=bugtraq&m=109829111200055&w=2

🔗 http://marc.info/?l=bugtraq&m=109830296130857&w=2

🔗 http://marc.info/?l=ntbugtraq&m=109828076802478&w=2

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/17824

🔗 http://marc.info/?l=bugtraq&m=109829111200055&w=2

🔗 http://marc.info/?l=bugtraq&m=109830296130857&w=2

🔗 http://marc.info/?l=ntbugtraq&m=109828076802478&w=2

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/17824

関連する脆弱性情報

CVE-2004-041810.0

serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow ...

CVE-2004-090410.0

Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird...

CVE-2004-100610.0

Format string vulnerability in the log functions in dhcpd for dhcp 2.x allows remote DNS servers to execute arbitrary code via cer...

CVE-2004-129010.0

Buffer overflow in the process_moves function in pgn2web.c for pgn2web 0.3 allows remote attackers to execute arbitrary code via a...