Back to search
CVE-2004-0420
Published: Apr 20, 2004
Modified: Aug 8, 2024
PUBLISHED
Description
The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
ie-clsid-file-extension-spoofing(14964)
vdb-entry
x_refsource_XF
9510
vdb-entry
x_refsource_BID
TA04-196A
third-party-advisory
x_refsource_CERT
10736
third-party-advisory
x_refsource_SECUNIA
oval:org.mitre.oval:def:2894
vdb-entry
signature
x_refsource_OVAL
oval:org.mitre.oval:def:3386
vdb-entry
signature
x_refsource_OVAL
oval:org.mitre.oval:def:3604
vdb-entry
signature
x_refsource_OVAL
oval:org.mitre.oval:def:2245
vdb-entry
signature
x_refsource_OVAL
20040127 GOOROO CROSSING: File Spoofing Internet Explorer 6
mailing-list
x_refsource_BUGTRAQ
oval:org.mitre.oval:def:3533
vdb-entry
signature
x_refsource_OVAL
VU#106324
third-party-advisory
x_refsource_CERT-VN
20040127 RE: GOOROO CROSSING: File Spoofing Internet Explorer 6
mailing-list
x_refsource_BUGTRAQ
oval:org.mitre.oval:def:2381
vdb-entry
signature
x_refsource_OVAL
MS04-024
vendor-advisory
x_refsource_MS
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now