Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0572

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2004-0572
Last Modified 10 Sep 2008 03:26:51
Published 03 Nov 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0572

Summary

Buffer overflow in the Windows Program Group Converter (grpconv.exe) may allow remote attackers to execute arbitrary code via a shell: URL with a long filename and a .grp extension, which is not properly handled when the shell capability launches grpconv.exe.

Vulnerable Systems

Application

  • Microsoft Grpconv


References

CERT-VN - VU#543864

XF - win-grpconv-bo(16664)

BID - 10677

MS - MS04-037

XF - win-ms04037-patch(17662)

FULLDISC - 20040707 Re: shell:windows command question


Last Updated: 27 May 2016 10:38:39