PT-2004-2531 · Microsoft+2 · Notepad+++3

Publicado

2004-10-21

Atualizado

2017-07-11

CVE-2004-1624

CVSS v2.0

7.2

Alta

Vetor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Carbon Copy version 6.0.5257

Description The issue allows local users to gain privileges via the help topic interface in CCW32.exe, which launches Notepad, or the help button in the Carbon Copy Scheduler (CCSched.exe), because system privileges are not dropped when opening external programs.

Recommendations For Carbon Copy version 6.0.5257, consider restricting access to the help topic interface in CCW32.exe and the help button in CCSched.exe to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2004-1624

Produtos afetados

Ccsched.Exe

Ccw32.Exe

Carbon Copy

Notepad++

PT-2004-2531 · Microsoft+2 · Notepad+++3

CVE-2004-1624

Identificadores relacionados

Produtos afetados

Referências · 5