CVE-2004-0420

Severity

99%

Complexity

99%

Confidentiality

165%

The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP.

The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP.

CVSS 2.0 Base Score 9.9. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C).

Overview

First reported 20 years ago

2004-07-07 04:00:00

Last updated 6 years ago

2018-10-12 21:34:00

Affected Software

Microsoft Internet Explorer 6.0

6.0

Microsoft Internet Explorer 6.0.2800.1106

6.0.2800.1106

References

10736

VU#106324

US Government Resource

20040127 RE: GOOROO CROSSING: File Spoofing Internet Explorer 6

20040127 GOOROO CROSSING: File Spoofing Internet Explorer 6

Exploit, Vendor Advisory

9510

Exploit, Vendor Advisory

TA04-196A

US Government Resource

MS04-024

ie-clsid-file-extension-spoofing(14964)

oval:org.mitre.oval:def:2245

oval:org.mitre.oval:def:2381

oval:org.mitre.oval:def:2894

oval:org.mitre.oval:def:3386

oval:org.mitre.oval:def:3533

oval:org.mitre.oval:def:3604

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.