CVE-2004-0572 Information

Description

Buffer overflow in the Windows Program Group Converter (grpconv.exe) may allow remote attackers to execute arbitrary code via a shell: URL with a long filename and a .grp extension which is not properly handled when the shell capability launches grpconv.exe.

Reference

http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0290.html http://www.kb.cert.org/vuls/id/543864 http://www.securityfocus.com/bid/10677 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-037 https://exchange.xforce.ibmcloud.com/vulnerabilities/16664 https://exchange.xforce.ibmcloud.com/vulnerabilities/17662 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A1279 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A1837 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A1843 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A2753 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A3071 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A3768 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A3822 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A4244 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A4493