Vulnerability Name:

CVE-2004-0420 (CCN-14964)

Assigned:2004-01-28
Published:2004-01-28
Updated:2021-07-23
Summary:The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2004-0420

Source: CCN
Type: SA10736
Internet Explorer File Download Extension Spoofing

Source: SECUNIA
Type: UNKNOWN
10736

Source: CCN
Type: CIAC Information Bulletin 0-183
Microsoft Vulnerability in Windows Shell Could Allow Remote Code Execution

Source: CCN
Type: US-CERT VU#106324
Microsoft Windows contains a vulnerability in the way the Windows Shell launches applications

Source: CERT-VN
Type: US Government Resource
VU#106324

Source: CCN
Type: Microsoft Security Bulletin MS04-024
Vulnerability in Windows Shell Could Allow Remote Code Execution (839645)

Source: BUGTRAQ
Type: UNKNOWN
20040127 RE: GOOROO CROSSING: File Spoofing Internet Explorer 6

Source: BUGTRAQ
Type: Exploit, Vendor Advisory
20040127 GOOROO CROSSING: File Spoofing Internet Explorer 6

Source: BID
Type: Exploit, Vendor Advisory
9510

Source: CCN
Type: BID-9510
Microsoft Windows Shell CLSID File Extension Misrepresentation Vulnerability

Source: CCN
Type: BID-9628
Microsoft Internet Explorer Shell: IFrame Cross-Zone Scripting Vulnerability

Source: CERT
Type: US Government Resource
TA04-196A

Source: MS
Type: UNKNOWN
MS04-024

Source: XF
Type: UNKNOWN
ie-clsid-file-extension-spoofing(14964)

Source: XF
Type: UNKNOWN
ie-clsid-file-extension-spoofing(14964)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:2245

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:2381

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:2894

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:3386

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:3533

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:3604

Vulnerable Configuration:Configuration 1:
  • cpe:/a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:6.0:sp1:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2004-0420 (CCN-16597)

    Assigned:2004-07-13
    Published:2004-07-13
    Updated:2004-07-13
    Summary:Microsoft Windows could allow a remote attacker to execute arbitrary code on the system. The Windows Shell application programming interface (API) allows a class identifier (CLSID) to be associated with a file type. A remote attacker could supply a specially-crafted URL containing a CLSID for the file type, which would allow the attacker to execute arbitrary code on the system, once the link is clicked. An attacker could exploit this vulnerability by hosting the malicious link on a Web site or by sending it to a victim as an HTML email and persuading the victim to click on the link.
    CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): Low
    Integrity (I): Low
    Availibility (A): Low
    CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Complete
    Integrity (I): Complete
    Availibility (A): Complete
    7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Athentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): Partial
    Availibility (A): Partial
    Vulnerability Consequences:Gain Access
    References:Source: MITRE
    Type: CNA
    CVE-2004-0420

    Source: CCN
    Type: SA10736
    Internet Explorer File Download Extension Spoofing

    Source: CCN
    Type: US-CERT VU#106324
    Microsoft Windows contains a vulnerability in the way the Windows Shell launches applications

    Source: CCN
    Type: Microsoft Security Bulletin MS04-024
    Vulnerability in Windows Shell Could Allow Remote Code Execution (839645)

    Source: CCN
    Type: BID-9510
    Microsoft Windows Shell CLSID File Extension Misrepresentation Vulnerability

    Source: CCN
    Type: BID-9628
    Microsoft Internet Explorer Shell: IFrame Cross-Zone Scripting Vulnerability

    Source: CCN
    Type: IBM Internet Security Systems X-Force Database
    Microsoft Internet Explorer Object Data tags could allow an attacker to execute code

    Source: XF
    Type: UNKNOWN
    win-windowsshell-execute-code(16597)

    Vulnerable Configuration:Configuration CCN 1:
  • cpe:/o:microsoft:windows_98:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_98se:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_me:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:xp:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server:*:x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp1:*:*:*:*:x64:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:2245
    V
    		Windows XP (32-bit,SP2/64-bit,SP1) Shell CLSID File Type Spoof Vulnerability
    2011-05-16
    oval:org.mitre.oval:def:3533
    V
    		Windows XP Shell CLSID File Type Spoof Vulnerability
    2011-05-16
    oval:org.mitre.oval:def:3386
    V
    		Windows 2000 Shell CLSID File Type Spoof Vulnerability
    2011-05-16
    oval:org.mitre.oval:def:2381
    V
    		Windows Server 2003 Shell CLSID File Type Spoof Vulnerability
    2011-05-09
    oval:org.mitre.oval:def:2894
    V
    		Windows XP (64-bit Gold) Shell CLSID File Type Spoof Vulnerability
    2011-05-09
    oval:org.mitre.oval:def:3604
    V
    		Windows NT Shell CLSID File Type Spoof Vulnerability
    2008-03-24
    BACK
    microsoft internet explorer 6.0
    microsoft internet explorer 6.0.2800.1106
    microsoft ie 6.0 sp1
    microsoft windows 98 *
    microsoft windows 98se *
    microsoft windows me *
    microsoft windows xp
    microsoft windows 2000 * sp2
    microsoft windows 2000 * sp3
    microsoft windows xp * sp1
    microsoft windows 2000 * sp4
    microsoft windows 2003_server
    microsoft windows 2003_server
    microsoft windows xp * sp1