10 - MS04-038

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Informations
Name	MS04-038	First vendor Publication	N/A
Vendor	Microsoft	Last vendor Modification	N/A
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	10	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Cumulative Security Update for Internet Explorer (834707)

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-787	Out-of-bounds Write (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:1563

Oval ID:	oval:org.mitre.oval:def:1563
Title:	IE v6.0,SP1 Drag-and-Drop Code Execution Vulnerability
Description:	Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-0839	Version:	5
Platform(s):	Microsoft Windows ME Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 6 Service Pack 1 is installed AND the version of mshtml.dll is less than 6.0.2800.1476 AND NOT the patch kb834707 is installed (Installed Components key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:2073

Oval ID:	oval:org.mitre.oval:def:2073
Title:	IE v5.01,SP3 Drag-and-Drop Code Execution Vulnerability
Description:	Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-0839	Version:	4
Platform(s):	Microsoft Windows 2000	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 5.01 Service Pack 3 is installed AND the version of mshtml.dll is less than 5.0.3821.2800 AND NOT the patch kb834707-ie501sp3 is installed (Hotfix key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:2219

Oval ID:	oval:org.mitre.oval:def:2219
Title:	IE v6.0 SSL Cached Content Vulnerability
Description:	Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-0845	Version:	7
Platform(s):	Microsoft Windows XP	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section the version of mshtml.dll is less than 6.0.2745.2800 AND NOT the patch kb834707 is installed (Installed Components key) AND Internet Explorer 6 is installed AND Configuration section Users not saving encrypted pages to disk (DisableCachingOfSSLPages)

Definition Id: oval:org.mitre.oval:def:2448

Oval ID:	oval:org.mitre.oval:def:2448
Title:	Address Bar Spoofing on Double Byte Character Set Systems Vulnerability (Server 2003)
Description:	Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows remote attackers to alter displayed address bars and spoof web pages via a URL containing special characters, facilitating phishing attacks, aka the "Address Bar Spoofing on Double Byte Character Set Systems Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-0844	Version:	5
Platform(s):	Microsoft Windows Server 2003	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 6 for Windows Server 2003 is installed AND the version of mshtml.dll is less than 6.0.3790.219 AND NOT the patch kb834707 is installed (Hotfix key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:2487

Oval ID:	oval:org.mitre.oval:def:2487
Title:	IE v6.0 Plug-in Navigation Address Bar Spoofing Vulnerability
Description:	Internet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-0843	Version:	5
Platform(s):	Microsoft Windows XP	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section the version of mshtml.dll is less than 6.0.2745.2800 AND NOT the patch kb834707 is installed (Installed Components key) AND Internet Explorer 6 is installed AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:2537

Oval ID:	oval:org.mitre.oval:def:2537
Title:	IE v5.01,SP4 Plug-in Navigation Address Bar Spoofing Vulnerability
Description:	Internet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-0843	Version:	4
Platform(s):	Microsoft Windows 2000	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 5.01 Service Pack 4 is installed AND the version of mshtml.dll is less than 5.0.3534.2800 AND NOT the patch kb834707-ie501sp4 is installed (Hotfix key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:2611

Oval ID:	oval:org.mitre.oval:def:2611
Title:	IE v6.0 HijackClick 3 / Script in Image Tag File Download Vulnerability
Description:	Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-0841	Version:	5
Platform(s):	Microsoft Windows XP	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section the version of mshtml.dll is less than 6.0.2745.2800 AND NOT the patch kb834707 is installed (Installed Components key) AND Internet Explorer 6 is installed AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:2906

Oval ID:	oval:org.mitre.oval:def:2906
Title:	Windows 2000, IE v5.01 CSS Heap Memory Corruption Vulnerability
Description:	Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-0842	Version:	4
Platform(s):	Microsoft Windows 2000	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 5.01 Service Pack 4 is installed AND the version of mshtml.dll is less than 5.0.3534.2800 AND NOT the patch kb834707-ie501sp4 is installed (Hotfix key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:3372

Oval ID:	oval:org.mitre.oval:def:3372
Title:	Windows Server 2003, IE v6,SP1 CSS Heap Memory Corruption Vulnerability
Description:	Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-0842	Version:	5
Platform(s):	Microsoft Windows Server 2003	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 6 for Windows Server 2003 is installed AND the version of mshtml.dll is less than 6.0.3790.219 AND NOT the patch kb834707 is installed (Hotfix key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:3773

Oval ID:	oval:org.mitre.oval:def:3773
Title:	IE v5.5,SP2 Drag-and-Drop Code Execution Vulnerability
Description:	Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-0839	Version:	4
Platform(s):	Microsoft Windows ME	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 5.5 Service Pack 2 is installed AND the version of mshtml.dll is less than 5.50.4945.2800 AND NOT the patch kb834707 is installed (Installed Components key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:3872

Oval ID:	oval:org.mitre.oval:def:3872
Title:	IE v6.0,SP1 (Server 2003) SSL Cached Content Vulnerability
Description:	Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-0845	Version:	7
Platform(s):	Microsoft Windows Server 2003	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 6 for Windows Server 2003 is installed AND the version of mshtml.dll is less than 6.0.3790.219 AND NOT the patch kb834707 is installed (Hotfix key) AND Configuration section Users not saving encrypted pages to disk (DisableCachingOfSSLPages)

Definition Id: oval:org.mitre.oval:def:3949

Oval ID:	oval:org.mitre.oval:def:3949
Title:	IE v5.01, SP3 Plug-in Navigation Address Bar Spoofing Vulnerability
Description:	Internet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-0843	Version:	4
Platform(s):	Microsoft Windows 2000	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 5.01 Service Pack 3 is installed AND the version of mshtml.dll is less than 5.0.3821.2800 AND NOT the patch kb834707-ie501sp3 is installed (Hotfix key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:4152

Oval ID:	oval:org.mitre.oval:def:4152
Title:	IE v5.01,SP4 Drag-and-Drop Code Execution Vulnerability
Description:	Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-0839	Version:	4
Platform(s):	Microsoft Windows 2000	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 5.01 Service Pack 4 is installed AND the version of mshtml.dll is less than 5.0.3534.2800 AND NOT the patch kb834707-ie501sp4 is installed (Hotfix key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:4169

Oval ID:	oval:org.mitre.oval:def:4169
Title:	Windows XP, IE v6.0 CSS Heap Memory Corruption Vulnerability
Description:	Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-0842	Version:	5
Platform(s):	Microsoft Windows XP	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section the version of mshtml.dll is less than 6.0.2745.2800 AND NOT the patch kb834707 is installed (Installed Components key) AND Internet Explorer 6 is installed AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:4363

Oval ID:	oval:org.mitre.oval:def:4363
Title:	IE v5.01, SP3 HijackClick 3 / Script in Image Tag File Download Vulnerability
Description:	Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-0841	Version:	4
Platform(s):	Microsoft Windows 2000	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 5.01 Service Pack 3 is installed AND the version of mshtml.dll is less than 5.0.3821.2800 AND NOT the patch kb834707-ie501sp3 is installed (Hotfix key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:4702

Oval ID:	oval:org.mitre.oval:def:4702
Title:	IE v5.01,SP4 Similar Method Name Redirection Cross Domain Vulnerability
Description:	Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-0727	Version:	4
Platform(s):	Microsoft Windows 2000	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 5.01 Service Pack 4 is installed AND the version of mshtml.dll is less than 5.0.3534.2800 AND NOT the patch kb834707-ie501sp4 is installed (Hotfix key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:5150

Oval ID:	oval:org.mitre.oval:def:5150
Title:	IE v5.01, SP4 SSL Cached Content Vulnerability
Description:	Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-0845	Version:	6
Platform(s):	Microsoft Windows 2000	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 5.01 Service Pack 4 is installed AND the version of mshtml.dll is less than 5.0.3534.2800 AND NOT the patch kb834707-ie501sp4 is installed (Hotfix key) AND Configuration section Users not saving encrypted pages to disk (DisableCachingOfSSLPages)

Definition Id: oval:org.mitre.oval:def:5316

Oval ID:	oval:org.mitre.oval:def:5316
Title:	IE v6.0,SP1 (Server 2003) Install Engine Buffer Overflow
Description:	Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-0216	Version:	5
Platform(s):	Microsoft Windows Server 2003	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 6 for Windows Server 2003 is installed AND the version of mshtml.dll is less than 6.0.3790.219 AND NOT the patch kb834707 is installed (Hotfix key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:5329

Oval ID:	oval:org.mitre.oval:def:5329
Title:	IE v6.0,SP1 Install Engine Buffer Overflow
Description:	Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-0216	Version:	5
Platform(s):	Microsoft Windows ME Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 6 Service Pack 1 is installed AND the version of mshtml.dll is less than 6.0.2800.1476 AND NOT the patch kb834707 is installed (Installed Components key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:5520

Oval ID:	oval:org.mitre.oval:def:5520
Title:	IE v5.5, SP2 SSL Cached Content Vulnerability
Description:	Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-0845	Version:	6
Platform(s):	Microsoft Windows ME	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 5.5 Service Pack 2 is installed AND the version of mshtml.dll is less than 5.50.4945.2800 AND NOT the patch kb834707 is installed (Installed Components key) AND Configuration section Users not saving encrypted pages to disk (DisableCachingOfSSLPages)

Definition Id: oval:org.mitre.oval:def:5592

Oval ID:	oval:org.mitre.oval:def:5592
Title:	Windows (ME, NT, 2K), IE v5.5,SP2 CSS Heap Memory Corruption Vulnerability
Description:	Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-0842	Version:	4
Platform(s):	Microsoft Windows ME Microsoft Windows NT Microsoft Windows 2000	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 5.5 Service Pack 2 is installed AND the version of mshtml.dll is less than 5.50.4945.2800 AND NOT the patch kb834707 is installed (Installed Components key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:5620

Oval ID:	oval:org.mitre.oval:def:5620
Title:	IE v6.0 for 2003, SP3 HijackClick 3 / Script in Image Tag File Download Vulnerability
Description:	Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-0841	Version:	5
Platform(s):	Microsoft Windows Server 2003	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 6 for Windows Server 2003 is installed AND the version of mshtml.dll is less than 6.0.3790.219 AND NOT the patch kb834707 is installed (Hotfix key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:5740

Oval ID:	oval:org.mitre.oval:def:5740
Title:	IE v6.0,SP1 SSL Cached Content Vulnerability
Description:	Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-0845	Version:	7
Platform(s):	Microsoft Windows ME Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 6 Service Pack 1 is installed AND the version of mshtml.dll is less than 6.0.2800.1476 AND NOT the patch kb834707 is installed (Installed Components key) AND Configuration section Users not saving encrypted pages to disk (DisableCachingOfSSLPages)

Definition Id: oval:org.mitre.oval:def:6031

Oval ID:	oval:org.mitre.oval:def:6031
Title:	IE v5.5, SP2 HijackClick 3 / Script in Image Tag File Download Vulnerability
Description:	Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-0841	Version:	4
Platform(s):	Microsoft Windows ME Microsoft Windows NT Microsoft Windows 2000	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 5.5 Service Pack 2 is installed AND the version of mshtml.dll is less than 5.50.4945.2800 AND NOT the patch kb834707 is installed (Installed Components key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:6048

Oval ID:	oval:org.mitre.oval:def:6048
Title:	IE v5.01, SP4 HijackClick 3 / Script in Image Tag File Download Vulnerability
Description:	Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-0841	Version:	4
Platform(s):	Microsoft Windows 2000	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 5.01 Service Pack 4 is installed AND the version of mshtml.dll is less than 5.0.3534.2800 AND NOT the patch kb834707-ie501sp4 is installed (Hotfix key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:6100

Oval ID:	oval:org.mitre.oval:def:6100
Title:	IE v5.5,SP2 Install Engine Buffer Overflow
Description:	Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-0216	Version:	4
Platform(s):	Microsoft Windows ME	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 5.5 Service Pack 2 is installed AND the version of mshtml.dll is less than 5.50.4945.2800 AND NOT the patch kb834707 is installed (Installed Components key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:6272

Oval ID:	oval:org.mitre.oval:def:6272
Title:	IE v6.0,SP1 (Server 2003) Drag-and-Drop Code Execution Vulnerability
Description:	Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-0839	Version:	5
Platform(s):	Microsoft Windows Server 2003	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 6 for Windows Server 2003 is installed AND the version of mshtml.dll is less than 6.0.3790.219 AND NOT the patch kb834707 is installed (Hotfix key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:6313

Oval ID:	oval:org.mitre.oval:def:6313
Title:	IE v6.0,SP1 for Server 2003 Plug-in Navigation Address Bar Spoofing Vulnerability
Description:	Internet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-0843	Version:	5
Platform(s):	Microsoft Windows Server 2003	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 6 for Windows Server 2003 is installed AND the version of mshtml.dll is less than 6.0.3790.219 AND NOT the patch kb834707 is installed (Hotfix key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:6579

Oval ID:	oval:org.mitre.oval:def:6579
Title:	Windows (ME, NT, 2K, XP), IE v6,SP1 CSS Heap Memory Corruption Vulnerability
Description:	Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-0842	Version:	5
Platform(s):	Microsoft Windows ME Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 6 Service Pack 1 is installed AND the version of mshtml.dll is less than 6.0.2800.1476 AND NOT the patch kb834707 is installed (Installed Components key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:6600

Oval ID:	oval:org.mitre.oval:def:6600
Title:	IE v5.01,SP4 Install Engine Buffer Overflow
Description:	Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-0216	Version:	4
Platform(s):	Microsoft Windows 2000	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 5.01 Service Pack 4 is installed AND the version of mshtml.dll is less than 5.0.3534.2800 AND NOT the patch kb834707-ie501sp4 is installed (Hotfix key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:6829

Oval ID:	oval:org.mitre.oval:def:6829
Title:	IE v6.0,SP1 Similar Method Name Redirection Cross Domain Vulnerability
Description:	Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-0727	Version:	5
Platform(s):	Microsoft Windows ME Microsoft Windows NT Microsoft Windows XP	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 6 Service Pack 1 is installed AND NOT the patch kb834707 is installed (Installed Components key) AND the version of mshtml.dll is less than 6.0.2800.1476 AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:7084

Oval ID:	oval:org.mitre.oval:def:7084
Title:	IE v5.01,SP3 Similar Method Name Redirection Cross Domain Vulnerability
Description:	Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-0727	Version:	4
Platform(s):	Microsoft Windows 2000	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 5.01 Service Pack 3 is installed AND the version of mshtml.dll is less than 5.0.3821.2800 AND NOT the patch kb834707-ie501sp3 is installed (Hotfix key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:7095

Oval ID:	oval:org.mitre.oval:def:7095
Title:	IE v5.5,SP2 Plug-in Navigation Address Bar Spoofing Vulnerability
Description:	Internet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-0843	Version:	4
Platform(s):	Microsoft Windows ME Microsoft Windows NT Microsoft Windows 2000	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Internet Explorer 5.5 Service Pack 2 is installed AND the version of mshtml.dll is less than 5.50.4945.2800 AND NOT the patch kb834707 is installed (Installed Components key) AND ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:7194

Oval ID:	oval:org.mitre.oval:def:7194
Title:	IE v6.0,SP1 Plug-in Navigation Address Bar Spoofing Vulnerability
Description:	Internet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-0843	Version:	5
Platform(s):	Microsoft Windows ME Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 6 Service Pack 1 is installed AND the version of mshtml.dll is less than 6.0.2800.1476 AND NOT the patch kb834707 is installed (Installed Components key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:7448

Oval ID:	oval:org.mitre.oval:def:7448
Title:	IE v5.5,SP2 Similar Method Name Redirection Cross Domain Vulnerability
Description:	Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-0727	Version:	6
Platform(s):	Microsoft Windows 98 Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 5.5 Service Pack 2 is installed AND the version of mshtml.dll is less than 5.50.4945.2800 AND NOT the patch kb834707 is installed (Installed Components key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:7496

Oval ID:	oval:org.mitre.oval:def:7496
Title:	IE v6.0,SP2 for Server 2003 Similar Method Name Redirection Cross Domain Vulnerability
Description:	Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-0727	Version:	4
Platform(s):	Microsoft Windows Server 2003	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 6 Service Pack 2 for XP is installed AND a vulnerable version of mshtml.dll exisits machine has followed the GDR update path and mshtml.dll is less than 6.0.2900.2523 AND machine has followed the QFE update path and mshtml.dll is less than 6.0.2900.2524 AND NOT the patch kb834707 is installed (Installed Components key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:7611

Oval ID:	oval:org.mitre.oval:def:7611
Title:	IE v5.01,SP3 SSL Cached Content Vulnerability
Description:	Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-0845	Version:	6
Platform(s):	Microsoft Windows 2000	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 5.01 Service Pack 3 is installed AND the version of mshtml.dll is less than 5.0.3821.2800 AND NOT the patch kb834707-ie501sp3 is installed (Hotfix key) AND Configuration section Users not saving encrypted pages to disk (DisableCachingOfSSLPages)

Definition Id: oval:org.mitre.oval:def:7717

Oval ID:	oval:org.mitre.oval:def:7717
Title:	IE v6.0 Install Engine Buffer Overflow
Description:	Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-0216	Version:	5
Platform(s):	Microsoft Windows XP	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section the version of mshtml.dll is less than 6.0.2745.2800 AND NOT the patch kb834707 is installed (Installed Components key) AND Internet Explorer 6 is installed AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:7721

Oval ID:	oval:org.mitre.oval:def:7721
Title:	IE v6.0 Drag-and-Drop Code Execution Vulnerability
Description:	Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-0839	Version:	5
Platform(s):	Microsoft Windows XP	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section the version of mshtml.dll is less than 6.0.2745.2800 AND NOT the patch kb834707 is installed (Installed Components key) AND Internet Explorer 6 is installed AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:7865

Oval ID:	oval:org.mitre.oval:def:7865
Title:	IE v5.01,SP3 Install Engine Buffer Overflow
Description:	Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-0216	Version:	4
Platform(s):	Microsoft Windows 2000	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 5.01 Service Pack 3 is installed AND the version of mshtml.dll is less than 5.0.3821.2800 AND NOT the patch kb834707-ie501sp3 is installed (Hotfix key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:7906

Oval ID:	oval:org.mitre.oval:def:7906
Title:	IE v6.0 Similar Method Name Redirection Cross Domain Vulnerability
Description:	Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-0727	Version:	5
Platform(s):	Microsoft Windows XP	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section the version of mshtml.dll is less than 6.0.2745.2800 AND NOT the patch kb834707 is installed (Installed Components key) AND Internet Explorer 6 is installed AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:8077

Oval ID:	oval:org.mitre.oval:def:8077
Title:	IE v6.0, SP1 HijackClick 3 / Script in Image Tag File Download Vulnerability
Description:	Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-0841	Version:	5
Platform(s):	Microsoft Windows ME	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 6 Service Pack 1 is installed AND the version of mshtml.dll is less than 6.0.2800.1476 AND NOT the patch kb834707 is installed (Installed Components key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:8127

Oval ID:	oval:org.mitre.oval:def:8127
Title:	Address Bar Spoofing on Double Byte Character Set Systems Vulnerability
Description:	Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows remote attackers to alter displayed address bars and spoof web pages via a URL containing special characters, facilitating phishing attacks, aka the "Address Bar Spoofing on Double Byte Character Set Systems Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-0844	Version:	5
Platform(s):	Microsoft Windows ME Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 6 Service Pack 1 is installed AND the version of mshtml.dll is less than 6.0.2800.1476 AND NOT the version of mshtml.dll is less than 5.0.3534.2800 AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

CPE : Common Platform Enumeration

Type	Description	Count
Application	Avaya Ip600 Media Servers cpe:2.3:a:avaya:ip600_media_servers::::::::	1
Application	Microsoft Ie cpe:2.3:a:microsoft:ie:6.0:sp2:::::: cpe:2.3:a:microsoft:ie:6.0:sp1:::::: cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1::::::	3
Application	Microsoft Internet Explorer cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106:::::::* cpe:2.3:a:microsoft:internet_explorer:6.0:::::::* cpe:2.3:a:microsoft:internet_explorer:6:sp1:::::: cpe:2.3:a:microsoft:internet_explorer:6:-:::::: cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:::::: cpe:2.3:a:microsoft:internet_explorer:5.5:::::::* cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:::::: cpe:2.3:a:microsoft:internet_explorer:5.01:sp3:::::: cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:::::: cpe:2.3:a:microsoft:internet_explorer:5.01:::::::* cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:::::: cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:::::: cpe:2.3:a:microsoft:internet_explorer:5.0.1:::::::* cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:::::: cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4::::::	15
Application	Nortel Ip Softphone 2050 cpe:2.3:a:nortel:ip_softphone_2050::::::::	1
Application	Nortel Mobile Voice Client 2050 cpe:2.3:a:nortel:mobile_voice_client_2050::::::::	1
Application	Nortel Optivity Telephony Manager cpe:2.3:a:nortel:optivity_telephony_manager::::::::	1
Application	Nortel Symposium Web Centre Portal cpe:2.3:a:nortel:symposium_web_centre_portal::::::::	1
Application	Nortel Symposium Web Client cpe:2.3:a:nortel:symposium_web_client::::::::	1
Hardware	Avaya Definity One Media Server cpe:2.3:h:avaya:definity_one_media_server::::::::	1
Hardware	Avaya s3400 cpe:2.3:h:avaya:s3400::::::::	1
Hardware	Avaya s8100 cpe:2.3:h:avaya:s8100::::::::	1
Os	Avaya Modular Messaging Message Storage Server cpe:2.3:o:avaya:modular_messaging_message_storage_server:2.0:::::::* cpe:2.3:o:avaya:modular_messaging_message_storage_server:1.1:::::::*	2
Os	Microsoft Windows 2000 cpe:2.3:o:microsoft:windows_2000:::::::: cpe:2.3:o:microsoft:windows_2000::sp4::::::* cpe:2.3:o:microsoft:windows_2000::sp1::::::* cpe:2.3:o:microsoft:windows_2000::sp2::::::* cpe:2.3:o:microsoft:windows_2000::sp3::::::*	5
Os	Microsoft Windows 2003 Server cpe:2.3:o:microsoft:windows_2003_server:web:::::::* cpe:2.3:o:microsoft:windows_2003_server:standard::64-bit::::: cpe:2.3:o:microsoft:windows_2003_server:r2::datacenter_64-bit::::: cpe:2.3:o:microsoft:windows_2003_server:r2::64-bit::::: cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:::::::* cpe:2.3:o:microsoft:windows_2003_server:enterprise::64-bit:::::	6
Os	Microsoft Windows 98 cpe:2.3:o:microsoft:windows_98::gold::::::*	1
Os	Microsoft Windows 98Se cpe:2.3:o:microsoft:windows_98se::::::::	1
Os	Microsoft Windows Me cpe:2.3:o:microsoft:windows_me::::::::	1
Os	Microsoft Windows Xp cpe:2.3:o:microsoft:windows_xp::sp2:media_center::::: cpe:2.3:o:microsoft:windows_xp::sp2:home::::: cpe:2.3:o:microsoft:windows_xp::sp1:64-bit::::: cpe:2.3:o:microsoft:windows_xp:::media_center:::::* cpe:2.3:o:microsoft:windows_xp::sp1:home::::: cpe:2.3:o:microsoft:windows_xp:::home:::::* cpe:2.3:o:microsoft:windows_xp:::64-bit:::::* cpe:2.3:o:microsoft:windows_xp::sp1:media_center::::: cpe:2.3:o:microsoft:windows_xp::sp2:tablet_pc::::: cpe:2.3:o:microsoft:windows_xp::gold:professional::::: cpe:2.3:o:microsoft:windows_xp::sp1:embedded::::: cpe:2.3:o:microsoft:windows_xp:::embedded:::::*	12

ExploitDB Exploits

id	Description
2004-10-20	Microsoft Internet Explorer 5.x Valid File Drag and Drop Embedded Code Vulner...

OpenVAS Exploits

Date	Description
2005-11-03	Name : IE 5.01 5.5 6.0 Cumulative patch (890923) File : nvt/smb_nt_ms02-005.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
15221	Microsoft IE Drag and Drop Zone Security Preference Bypass
10756	Microsoft MSN heartbeat.ocx Component Overflow MSN hearbeat.ocx contains a flaw related to a component that may allow an attacker to cause a buffer overflow. No further details have been provided.
10710	Microsoft IE CSS Memory Corruption Arbitrary Command Execution A remote overflow exists in Microsoft Internet Explorer. The mshtml.dll library in Internet Explorer fails to check the boundary within the processing of Cascading Style Sheets, resulting in a memory corruption. With a specially crafted webpage or HTML e-mail message, an attacker can execute arbitrary code resulting in a loss of integrity.
10709	Microsoft IE SSL Cached Content Spoofing Internet Explorer contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered by the improper handling of cached SSL contents, which will disclose information resulting in a loss in confidentiality It will also allow content on SSL-protected websites to be spoofed, resulting in a loss of integrity.
10708	Microsoft IE Image Tag Arbitrary Script Execution (HijackClick 3) Internet Explorer contains a flaw in the function which processes scripts in image tags that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a user visits a malicious web page or views an HTML mail using the popup.show method. This flaw allows execution of arbitrary code on the victim's machine leading to a loss of Integrity.
10707	Microsoft IE Plug-in Navigation Address Bar Spoofing Internet Explorer contains a flaw that may allow a malicious user to spoof an address in a user's address bar. The issue is triggered when the victim visits a specially crafted web page and the Plug-in Navigation does not properly handle the request. It is possible that the flaw may allow the attacker to spoof a trusted web site resulting in a loss of integrity.
10706	Microsoft IE Double Byte Character Set Address Bar Spoofing Internet Explorer flaw that may allow a malicious user to spoof an address in a user's address bar. The issue is triggered when Internet Explorer attempts to parse special characters in double byte character systems. It is possible that the flaw may allow the attacker to spoof a trusted web site resulting in a loss of integrity.
10705	Microsoft IE Install Engine Inseng.dll Arbitrary Code Execution A remote overflow exists in Internet Explorer. Internet Explorer fails to properly check boundaries in input sent to inseng.dll resulting in a buffer overflow. With a specially crafted URL, an attacker can cause execution of arbitrary code with the privileges of the target user resulting in a loss of integrity.
10704	Microsoft IE Similar Method Name Redirection Cross Domain/Site Scripting Internet Explorer contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the redirection of a function to another function with the same name. This could allow a user to create a specially crafted URL that would execute arbitrary code possibly in other security zones/domains in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
9070	Microsoft IE dragDrop Arbitrary File Upload (What a Drag II) Microsoft IE contains a flaw that may allow an attacker to upload a malicious file. The issue is triggered when a user attempts a drag and drop action on a malicious html page. It is possible that the flaw may allow the saving of an arbitrary file in the startup folder which will be executed after the next reboot resulting in a loss of integrity.

Snort® IPS/IDS

Date	Description
2014-01-10	MSN Heartbeat ActiveX clsid access RuleID : 4167 - Revision : 16 - Type : BROWSER-PLUGINS
2014-01-10	Shell.Explorer ActiveX Object Access RuleID : 4166 - Revision : 10 - Type : WEB-ACTIVEX
2014-01-10	Microsoft Internet Explorer mouse drag hijack RuleID : 21353 - Revision : 4 - Type : BROWSER-IE
2014-01-10	Microsoft Internet Explorer implicit drag and drop file installation attempt RuleID : 18299 - Revision : 8 - Type : BROWSER-IE
2014-01-10	Microsoft Internet Explorer CSS memory corruption attempt RuleID : 18175 - Revision : 9 - Type : BROWSER-IE
2014-01-10	Microsoft Internet Explorer CSS memory corruption attempt RuleID : 18174 - Revision : 9 - Type : BROWSER-IE
2014-01-10	Microsoft Internet Explorer Install Engine ActiveX clsid unicode access RuleID : 17589 - Revision : 4 - Type : WEB-ACTIVEX
2014-01-10	Microsoft Internet Explorer Install Engine ActiveX clsid access RuleID : 17588 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Internet Explorer Shell.Explorer 2 ActiveX clsid access RuleID : 15122 - Revision : 15 - Type : BROWSER-PLUGINS
2014-01-10	Shell.Explorer 2 ActiveX function call unicode access RuleID : 15113 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10	Microsoft Internet Explorer Shell.Explorer 2 ActiveX function call access RuleID : 15112 - Revision : 12 - Type : BROWSER-PLUGINS
2014-01-10	Shell.Explorer 2 ActiveX clsid unicode access RuleID : 15111 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10	MSN Heartbeat ActiveX clsid unicode access RuleID : 12956 - Revision : 7 - Type : WEB-ACTIVEX

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-01-19 21:29:53	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	2
Oval ID(s)	43
CPE ID(s)	55
osvdb(s)	10
ExploitDB Exploit(s)	1
Openvas Exploit(s)	1
Snort® Rule(s)	13

	Related
10	CVE-2004-0978
10	CVE-2004-0216
7.5	CVE-2004-0842
7.5	CVE-2004-0727
6.4	CVE-2004-0845
5	CVE-2004-0844
5	CVE-2004-0843
5	CVE-2004-0841
5	CVE-2004-0839
4.6	CVE-2004-0979
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 10 more Alert(s)

Copyright Security-Database 2006-2024 - Powered by themself ;) in 0.2120s

Facebook rss twitter linkedin mail