Oval Definition:oval:org.mitre.oval:def:3386
Revision Date:2011-05-16Version:48
Title:Windows 2000 Shell CLSID File Type Spoof Vulnerability
Description:The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP.
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2004-0420
Platform(s):Microsoft Windows 2000
Product(s):
Definition Synopsis
  • Windows 2000 is installed
  • AND the version of shell32.dll is less than 5.0.3900.6922
  • AND Win2K/XP/2003 service pack 2 (or later) is installed
    • BACK