Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2289

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2004-2289
Last Modified 05 Sep 2008 04:43:43
Published 31 Dec 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-2289

Summary

Microsoft Windows XP Explorer allows local users to execute arbitrary code via a system folder with a Desktop.ini file containing a .ShellClassInfo specifier with a CLSID value that is associated with an executable file.

Vulnerable Systems

Operating System

  • Microsoft Windows Xp


References

XF - winxp-explorer-code-execution(16171)

BID - 10363

OSVDB - 6221

MISC - http://www.freewebs.com/roozbeh_afrasiabi/xploit/execute.htm

SECUNIA - 11633

BUGTRAQ - 20040517 Desktop.ini flaw results in executing folders

MS - MS06-015


Last Updated: 27 May 2016 10:39:25