Vulnerability Description
Internet Explorer 6.x on Windows XP SP2 allows remote attackers to execute arbitrary code, as demonstrated using a document with a draggable file type such as .xml, .doc, .py, .cdf, .css, .pdf, or .ppt, and using ADODB.Connection and ADODB.recordset to write to a .hta file that is interpreted in the Local Zone by HTML Help.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Ie | 6.0 |
References
- http://marc.info/?l=bugtraq&m=109829111200055&w=2
- http://marc.info/?l=bugtraq&m=109830296130857&w=2
- http://marc.info/?l=ntbugtraq&m=109828076802478&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17824
- http://marc.info/?l=bugtraq&m=109829111200055&w=2
- http://marc.info/?l=bugtraq&m=109830296130857&w=2
- http://marc.info/?l=ntbugtraq&m=109828076802478&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17824
FAQ
What is CVE-2004-0985?
CVE-2004-0985 is a vulnerability with a CVSS score of 10.0 (HIGH). Internet Explorer 6.x on Windows XP SP2 allows remote attackers to execute arbitrary code, as demonstrated using a document with a draggable file type such as .xml, .doc, .py, .cdf, .css, .pdf, or .pp...
How severe is CVE-2004-0985?
CVE-2004-0985 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0985?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Ie.