Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0420

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2004-0420
Last Modified 23 Jul 2013 01:18:45
Published 07 Jul 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0420

Summary

The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP.

Vulnerable Systems

Application

  • Microsoft Ie 6.0

  • Microsoft Ie 6.0.2800.1106


References

CERT - TA04-196A

CERT-VN - VU#106324

BID - 9510

BUGTRAQ - 20040127 GOOROO CROSSING: File Spoofing Internet Explorer 6

BUGTRAQ - 20040127 RE: GOOROO CROSSING: File Spoofing Internet Explorer 6

MS - MS04-024

XF - ie-clsid-file-extension-spoofing(14964)

SECUNIA - 10736


Last Updated: 27 May 2016 10:38:36