Vulnerabilities > CVE-2004-0420 - Unspecified vulnerability in Microsoft IE and Internet Explorer
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Nessus
| NASL family | Windows : Microsoft Bulletins |
| NASL id | SMB_NT_MS04-024.NASL |
| description | The remote host is running a version of Windows that has a flaw in its shell. An attacker could persuade a user on the remote host to execute a rogue program by using a CLSID instead of a file type, thus fooling the user into thinking that he will not execute an application but simply open a document. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 13642 |
| published | 2004-07-13 |
| reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/13642 |
| title | MS04-024: Buffer overrun in Windows Shell (839645) |
Oval
accepted 2011-05-16T04:02:26.602-04:00 class vulnerability contributors name Christine Walzer organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc. name Dragos Prisaca organization Gideon Technologies, Inc. name Shane Shaffer organization G2, Inc. name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
description The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP. family windows id oval:org.mitre.oval:def:2245 status accepted submitted 2004-07-14T12:00:00.000-04:00 title Windows XP (32-bit,SP2/64-bit,SP1) Shell CLSID File Type Spoof Vulnerability version 71 accepted 2011-05-09T04:01:28.440-04:00 class vulnerability contributors name Christine Walzer organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc. name Shane Shaffer organization G2, Inc.
description The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP. family windows id oval:org.mitre.oval:def:2381 status accepted submitted 2004-07-14T12:00:00.000-04:00 title Windows Server 2003 Shell CLSID File Type Spoof Vulnerability version 67 accepted 2011-05-09T04:01:29.520-04:00 class vulnerability contributors name Christine Walzer organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc. name Shane Shaffer organization G2, Inc.
description The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP. family windows id oval:org.mitre.oval:def:2894 status accepted submitted 2004-07-14T12:00:00.000-04:00 title Windows XP (64-bit Gold) Shell CLSID File Type Spoof Vulnerability version 67 accepted 2011-05-16T04:02:46.089-04:00 class vulnerability contributors name Christine Walzer organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc. name Shane Shaffer organization G2, Inc. name Shane Shaffer organization G2, Inc. name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
description 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP. family windows id oval:org.mitre.oval:def:3386 status accepted submitted 2004-10-04T01:00:00.000-04:00 title Windows 2000 Shell CLSID File Type Spoof Vulnerability version 71 accepted 2011-05-16T04:02:49.354-04:00 class vulnerability contributors name Christine Walzer organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc. name Shane Shaffer organization G2, Inc. name Shane Shaffer organization G2, Inc. name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
description The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP. family windows id oval:org.mitre.oval:def:3533 status accepted submitted 2004-07-14T12:00:00.000-04:00 title Windows XP Shell CLSID File Type Spoof Vulnerability version 72 accepted 2008-03-24T04:00:30.461-04:00 class vulnerability contributors name Christine Walzer organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc. name Jeff Cheng organization Opsware, Inc. name Jonathan Baker organization The MITRE Corporation
definition_extensions comment Microsoft Windows NT is installed oval oval:org.mitre.oval:def:36 description The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP. family windows id oval:org.mitre.oval:def:3604 status accepted submitted 2004-10-04T01:00:00.000-04:00 title Windows NT Shell CLSID File Type Spoof Vulnerability version 73
References
- http://www.securityfocus.com/archive/1/351379
- http://www.securityfocus.com/bid/9510
- http://www.kb.cert.org/vuls/id/106324
- http://www.security-express.com/archives/bugtraq/2004-01/0300.html
- http://secunia.com/advisories/10736/
- http://www.us-cert.gov/cas/techalerts/TA04-196A.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/14964
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3604
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3533
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3386
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2894
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2381
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2245
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-024