Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2609

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2004-2609
Last Modified 05 Sep 2008 04:44:37
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-2609

Summary

The stuffit.com executable on Symantec PowerQuest DeployCenter 5.5 boot disks allows local users to obtain sensitive information (an unencrypted password for a Windows domain account) via four "stuffit /f:stuffit.dat" invocations, possibly due to a buffer overflow.

Vulnerable Systems

Application

  • Symantec Powerquest Deploycenter 5.5


References

XF - powerquest-deploycenter-obtain-password(17147)

BID - 11068

OSVDB - 9276

SECTRACK - 1011081

FULLDISC - 20040827 Power Quest Deploy Center 5.5 boot disks


Last Updated: 27 May 2016 10:39:33