Vulnerabilities > CVE-2004-2289 - Unspecified vulnerability in Microsoft Windows XP
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Microsoft Windows XP Explorer allows local users to execute arbitrary code via a system folder with a Desktop.ini file containing a .ShellClassInfo specifier with a CLSID value that is associated with an executable file.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 3 |
Exploit-Db
| description | Microsoft Windows XP Self-Executing Folder Vulnerability. CVE-2004-2289. Remote exploit for windows platform |
| id | EDB-ID:24125 |
| last seen | 2016-02-02 |
| modified | 2004-05-17 |
| published | 2004-05-17 |
| reporter | Roozbeh Afrasiabi |
| source | https://www.exploit-db.com/download/24125/ |
| title | Microsoft Windows XP Self-Executing Folder Vulnerability |
References
- http://archives.neohapsis.com/archives/bugtraq/2004-05/0168.html
- http://secunia.com/advisories/11633
- http://www.freewebs.com/roozbeh_afrasiabi/xploit/execute.htm
- http://www.osvdb.org/6221
- http://www.securityfocus.com/bid/10363
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-015
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16171