7.6 High
AI Score
Confidence
Low
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.967 High
EPSS
Percentile
99.6%
The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP.
secunia.com/advisories/10736/
www.kb.cert.org/vuls/id/106324
www.security-express.com/archives/bugtraq/2004-01/0300.html
www.securityfocus.com/archive/1/351379
www.securityfocus.com/bid/9510
www.us-cert.gov/cas/techalerts/TA04-196A.html
docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-024
exchange.xforce.ibmcloud.com/vulnerabilities/14964
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2245
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2381
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2894
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3386
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3533
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3604