Oval Definition:	oval:org.mitre.oval:def:1843
Revision Date: 2011-05-16 Version: 47 Title: Windows XP (32-Bit) Program Group Converter Buffer Overflow Description: Buffer overflow in the Windows Program Group Converter (grpconv.exe) may allow remote attackers to execute arbitrary code via a shell: URL with a long filename and a .grp extension, which is not properly handled when the shell capability launches grpconv.exe. Family: windows Class: vulnerability Status: ACCEPTED Reference(s): CVE-2004-0572 Platform(s): Microsoft Windows XP Product(s): Program Group Converter Definition Synopsis Windows XP is installed AND 32-Bit version of Windows is installed AND NOT Win2K/XP/2003 service pack 2 (or later) is installed AND a vulnerable version of grpconv.exe exists no service pack is installed and a vulnerable version of grpconv.exe exists NOT Win2K/XP/2003 is patched AND the version of grpconv.exe is less than 5.1.2600.166 OR service pack 1 is installed and a vulnerable version of grpconv.exe exists Win2K/XP/2003/Vista service pack 1 is installed AND the version of grpconv.exe is less than 5.1.2600.1580 AND NOT the patch q841356 is installed (Hotfix key)
BACK