| Vulnerability Name: | CCN-8043 | ||||||
| Published: | 2002-01-30 | ||||||
| Updated: | 2002-01-30 | ||||||
| Summary: | Microsoft Windows NT, Windows 2000, and Windows XP using NTFS (NT file system) could allow a local attacker to hide malicious files or viruses on the system. NTFS has a 32000 character path limit, but Microsoft Windows systems have a 256 character path limit. A local attacker could create directories on the file system using the "SUBST" command that exceed the 256 character limit. This could allow an attacker to place malicious files or viruses on a system, which would not be accessible using Windows Explorer and would fail detection by most virus scanning software. | ||||||
| CVSS v3 Severity: | 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||
| CVSS v2 Severity: | 2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
| ||||||
| Vulnerability Consequences: | Bypass Security | ||||||
| References: | Source: CCN Type: BugTraq Mailing List, Wed Jan 30 2002 - 02:33:33 CST Long path exploit on NTFS Source: CCN Type: BugTraq Mailing List, Wed Jan 30 2002 - 11:42:22 CST RE: Long path exploit on NTFS Source: CCN Type: BugTraq Mailing List, Wed Jan 30 2002 - 10:40:53 CST Betr.: Long path exploit on NTFS Source: CCN Type: BugTraq Mailing List, Wed Jan 30 2002 - 12:39:12 CST RE: Long path exploit on NTFS Source: CCN Type: BugTraq Mailing List, Thu Jan 31 2002 - 07:37:51 CST RE: Long path exploit on NTFS Source: CCN Type: BugTraq Mailing List, Thu Jan 31 2002 - 11:12:38 CST RE: Long path exploit on NTFS Source: CCN Type: BugTraq Mailing List, Fri Feb 01 2002 - 06:25:14 CST Long path exploit on NTFS - F-Secure Anti-Virus not vulnerable Source: CCN Type: BID-3989 Microsoft Windows NTFS File Hiding Vulnerability Source: XF Type: UNKNOWN win-ntfs-file-hiding(8043) | ||||||
| Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||
| BACK | |||||||