Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1624

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2004-1624
Last Modified 05 Sep 2008 04:41:54
Published 21 Oct 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-1624

Summary

Carbon Copy 6.0.5257 does not drop system privileges when opening external programs through the help topic interface, which allows local users to gain privileges via (1) the help topic interface in CCW32.exe, which launches Notepad, or (2) the help button in the Carbon Copy Scheduler (CCSched.exe).

Vulnerable Systems

Application

  • Altiris Carbon Copy 5.0

  • Altiris Carbon Copy 6.0


References

XF - carboncopy-help-gain-privileges(17838)

BID - 11500

SECUNIA - 12962

BUGTRAQ - 20041022 [Fwd: Altiris Carbon Copy Remote Control local SYSTEM exploitation.]


Last Updated: 27 May 2016 10:39:06