PT-2004-2531 · Microsoft+2 · Notepad+++3

Published

2004-10-21

Updated

2017-07-11

CVE-2004-1624

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Carbon Copy version 6.0.5257

Description The issue allows local users to gain privileges via the help topic interface in CCW32.exe, which launches Notepad, or the help button in the Carbon Copy Scheduler (CCSched.exe), because system privileges are not dropped when opening external programs.

Recommendations For Carbon Copy version 6.0.5257, consider restricting access to the help topic interface in CCW32.exe and the help button in CCSched.exe to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-1624

Affected Products

Ccsched.Exe

Ccw32.Exe

Carbon Copy

Notepad++

PT-2004-2531 · Microsoft+2 · Notepad+++3

CVE-2004-1624

Related Identifiers

Affected Products

References · 5