Lucene search

[email protected]CVE-2004-2289

HistoryDec 31, 2004 - 5:00 a.m.

CVE-2004-2289

2004-12-3105:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

microsoft windows xp

explorer

vulnerability

arbitrary code execution

desktop.ini file

cve-2004-2289

nvd

7.3 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.008 Low

EPSS

Percentile

82.0%

JSON

Microsoft Windows XP Explorer allows local users to execute arbitrary code via a system folder with a Desktop.ini file containing a .ShellClassInfo specifier with a CLSID value that is associated with an executable file.

CPENameOperatorVersion
microsoft:windows_xpmicrosoft windows xpeq*

CPE	Name	Operator	Version
microsoft:windows_xp	microsoft windows xp	eq	*

References

archives.neohapsis.com/archives/bugtraq/2004-05/0168.html

secunia.com/advisories/11633

www.freewebs.com/roozbeh_afrasiabi/xploit/execute.htm

www.osvdb.org/6221

www.securityfocus.com/bid/10363

docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-015

exchange.xforce.ibmcloud.com/vulnerabilities/16171

7.3 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.008 Low

EPSS

Percentile

82.0%

JSON

Related for CVE-2004-2289

securityvulns1