| Vulnerability Name: | CCN-16648 | ||||||
| Published: | 2004-07-07 | ||||||
| Updated: | 2004-07-07 | ||||||
| Summary: | Microsoft Internet Explorer could allow a remote attacker to execute code on a victim's system. A remote attacker could create a malicious Web page that uses the Shell.Application ActiveX object, which would execute arbitrary code on the victim's system, once the file is executed from the local hard disk. An attacker could exploit this vulnerability by hosting the malicious Web page on a Web site or by sending it to a victim as an HTML email. An attacker could exploit this vulnerability to execute arbitrary code within a victimÂ’s local security zone. It may be possible to alter registry settings, including the modification of existing settings, which could cause previously patched vulnerabilities to again become vulnerable. | ||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||
| CVSS v2 Severity: | 7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||
| Vulnerability Consequences: | Gain Access | ||||||
| References: | Source: CCN Type: BugTraq Mailing List, Fri Jul 02 2004 - 16:32:56 CDT Registry Fix For Variant of Scob Source: CCN Type: BugTraq Mailing List, Fri Jul 02 2004 - 20:28:26 CDT THE INSIDER VULNERABILITY STILL WORKS AFTER TODAY'S PATCH Source: CCN Type: BugTraq Mailing List, Sat Jul 03 2004 - 09:35:32 CDT RE: [Full-Disclosure] THE VULNERABILITY STILL WORKS AFTER TODAY'S PATCH Source: CCN Type: BID-10652 Microsoft Internet Explorer Shell.Application Object Script Execution Weakness Source: XF Type: UNKNOWN ie-shellapplication-code-execution(16648) | ||||||
| Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||
| BACK | |||||||