Vulnerabilities > CVE-2004-2676 - Local Security vulnerability in Webroot Software SPY Sweeper Enterprise 1.5.1Build3698

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

webroot-software

NVD

Published: 2004-12-31

Updated: 2017-07-29

Summary

The Spy Sweeper Enterprise Client (SpySweeperTray.exe) in WebRoot Spy Sweeper before 2.0 does not drop privileges when using the help functionality, which allows local users to gain privileges.

Vulnerable Configurations

Part	Description	Count
Application	Webroot_Software Webroot Software SPY Sweeper Enterprise 1.5.1_Build_3698	1

References

http://secunia.com/advisories/13187
http://secunia.com/secunia_research/2004-14/advisory/
http://securitytracker.com/id?1012652
http://www.osvdb.org/12534
https://exchange.xforce.ibmcloud.com/vulnerabilities/18628