CVE-2004-0979

high

Description

Internet Explorer on Windows XP does not properly modify the "Drag and Drop or copy and paste files" setting when the user sets it to "Disable" or "Prompt," which may enable security-sensitive operations that are inconsistent with the user's intended configuration.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/17820

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038

http://www.us-cert.gov/cas/techalerts/TA04-293A.html

http://www.kb.cert.org/vuls/id/630720

Details

Source: Mitre, NVD

Published: 2004-12-31

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: High

EPSS

EPSS: 0.08307