CVE-2004-1624

Severity

72%

Complexity

39%

Confidentiality

165%

Carbon Copy 6.0.5257 does not drop system privileges when opening external programs through the help topic interface, which allows local users to gain privileges via (1) the help topic interface in CCW32.exe, which launches Notepad, or (2) the help button in the Carbon Copy Scheduler (CCSched.exe).

Carbon Copy 6.0.5257 does not drop system privileges when opening external programs through the help topic interface, which allows local users to gain privileges via (1) the help topic interface in CCW32.exe, which launches Notepad, or (2) the help button in the Carbon Copy Scheduler (CCSched.exe).

CVSS 2.0 Base Score 7.2. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C).

Overview

Type

Altiris Carbon Copy Consumer Client

First reported 20 years ago

2004-10-21 04:00:00

Last updated 7 years ago

2017-07-11 01:31:00

Affected Software

Altiris Carbon Copy Consumer Client 5.0

5.0

Altiris Carbon Copy Consumer Client 6.0

6.0

References

20041022 [Fwd: Altiris Carbon Copy Remote Control local SYSTEM exploitation.]

12962

Vendor Advisory

11500

Vendor Advisory

carboncopy-help-gain-privileges(17838)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.