Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-1999-1431

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-1999-1431
Last Modified 05 Sep 2008 04:19:30
Published 07 Jan 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-1999-1431

Summary

ZAK in Appstation mode allows users to bypass the "Run only allowed apps" policy by starting Explorer from Office 97 applications (such as Word), installing software into the TEMP directory, and changing the name to that for an allowed application, such as Winword.exe.

Vulnerable Systems

Application

  • Microsoft Zero Administration Kit 1.0


References

BID - 181

NTBUGTRAQ - 19990109 WinNT, ZAK and Office 97

NTBUGTRAQ - 19990107 WinNT, ZAK and Office 97


Last Updated: 27 May 2016 10:35:26