Lucene search

[email protected]CVE-2004-1624

HistoryFeb 20, 2005 - 5:00 a.m.

CVE-2004-1624

2005-02-2005:00:00

[email protected]

web.nvd.nist.gov

cve-2004-1624

carbon copy

privilege escalation

local users

nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Carbon Copy 6.0.5257 does not drop system privileges when opening external programs through the help topic interface, which allows local users to gain privileges via (1) the help topic interface in CCW32.exe, which launches Notepad, or (2) the help button in the Carbon Copy Scheduler (CCSched.exe).

Affected configurations

NVD

Node

altiriscarbon_copyMatch5.0

altiriscarbon_copyMatch6.0

CPENameOperatorVersion
altiris:carbon_copyaltiris carbon copyeq5.0
altiris:carbon_copyaltiris carbon copyeq6.0

CPE	Name	Operator	Version
altiris:carbon_copy	altiris carbon copy	eq	5.0
altiris:carbon_copy	altiris carbon copy	eq	6.0

References

marc.info/?l=bugtraq&m=109846296406459&w=2

secunia.com/advisories/12962

www.securityfocus.com/bid/11500

exchange.xforce.ibmcloud.com/vulnerabilities/17838

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2004-1624

nvd1 cvelist1