PT-2004-1559 · Microsoft · Windows 98+7

Published

2004-04-20

Updated

2021-07-23

CVE-2004-0420

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Windows Shell versions in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003

Description The issue allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename. This can be demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP.

Recommendations For Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-0420

Affected Products

Internet Explorer

Windows 2000

Windows 98

Windows Me

Windows Nt 4.0

Windows Server 2003

Windows Shell

Windows Xp

PT-2004-1559 · Microsoft · Windows 98+7

CVE-2004-0420

Related Identifiers

Affected Products

References · 15