CVE-2004-0420 Information
Description
The Windows Shell application in Windows 98 Windows ME Windows NT 4.0 Windows 2000 Windows XP and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP.
Reference
http://secunia.com/advisories/10736/ http://www.kb.cert.org/vuls/id/106324 http://www.security-express.com/archives/bugtraq/2004-01/0300.html http://www.securityfocus.com/archive/1/351379 http://www.securityfocus.com/bid/9510 http://www.us-cert.gov/cas/techalerts/TA04-196A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-024 https://exchange.xforce.ibmcloud.com/vulnerabilities/14964 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A2245 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A2381 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A2894 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A3386 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A3533 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A3604
Share on: