Vulnerability Details : CVE-2004-0420
Potential exploit
The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP.
Vulnerability category: Execute code
Products affected by CVE-2004-0420
- cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2004-0420
96.28%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2004-0420
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
References for CVE-2004-0420
-
http://www.kb.cert.org/vuls/id/106324
US Government Resource
-
http://www.us-cert.gov/cas/techalerts/TA04-196A.html
Page Not Found | CISAUS Government Resource
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3533
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/14964
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-024
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2381
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3604
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3386
-
http://www.securityfocus.com/bid/9510
Exploit;Vendor Advisory
-
http://www.securityfocus.com/archive/1/351379
Exploit;Vendor Advisory
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2245
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2894
-
http://www.security-express.com/archives/bugtraq/2004-01/0300.html
Jump to