VDB
CVE-2004-0420
CVE-2004-0420
PUBLISHED
CVSS 10 CRITICAL
The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP.
EPSS 47.54% · 97.8th percentile
Risk Scores
CVSS 2.0
10
EPSS Score
47.54%
97.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| microsoft | ie | 6.0 |
| microsoft | internet_explorer | 6.0, 6.0.2800.1106 |
| n/a | n/a | n/a |
Timeline
- Apr 20, 2004 CVE Published
- Sep 23, 2010 PoC Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
References
- ie-clsid-file-extension-spoofing(14964) vdb
- 9510 vdb
- TA04-196A third-party-advisory
- 10736 third-party-advisory
- oval:org.mitre.oval:def:2894 vdb
- oval:org.mitre.oval:def:3386 vdb
- oval:org.mitre.oval:def:3604 vdb
- oval:org.mitre.oval:def:2245 vdb
- 20040127 GOOROO CROSSING: File Spoofing Internet Explorer 6 mailing-list
- oval:org.mitre.oval:def:3533 vdb
- VU#106324 third-party-advisory
- 20040127 RE: GOOROO CROSSING: File Spoofing Internet Explorer 6 mailing-list
- oval:org.mitre.oval:def:2381 vdb
- MS04-024 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2004-0420 advisory
- http://secunia.com/advisories/10736 url