VDB

CVE-2004-0420

CVE-2004-0420 PUBLISHED CVSS 10 CRITICAL

The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP.

EPSS 47.54% · 97.8th percentile

Risk Scores

CVSS 2.0
10
EPSS Score
47.54%
97.8th percentile

Affected Products

VendorProductVersions
microsoftie6.0
microsoftinternet_explorer6.0, 6.0.2800.1106
n/an/an/a

Timeline

  • Apr 20, 2004 CVE Published
  • Sep 23, 2010 PoC Published
  • Feb 4, 2022 EPSS Score
  • Mar 29, 2022 EPSS Score
  • May 20, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score
  • Oct 26, 2022 EPSS Score
  • Dec 18, 2022 EPSS Score
  • Feb 9, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • May 25, 2023 EPSS Score
  • Jul 17, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›