Vulnerability Name:

CVE-2004-0572 (CCN-16664)

Assigned:2004-07-07
Published:2004-07-07
Updated:2018-10-12
Summary:Buffer overflow in the Windows Program Group Converter (grpconv.exe) may allow remote attackers to execute arbitrary code via a shell: URL with a long filename and a .grp extension, which is not properly handled when the shell capability launches grpconv.exe.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: Full-Disclosure Mailing List, Wed Jul 07 2004 - 14:25:12 CDT
Re: [Full-Disclosure] shell:windows command question

Source: FULLDISC
Type: Exploit, Vendor Advisory
20040707 Re: shell:windows command question

Source: MITRE
Type: CNA
CVE-2004-0572

Source: CCN
Type: CIAC Informatin Bulletin P-007
Microsoft Windows Shell and Program Group Converter Vulnerabilities

Source: CCN
Type: US-CERT VU#543864
Microsoft Windows Program Group Converter vulnerable to buffer overflow

Source: CERT-VN
Type: Patch, Third Party Advisory, US Government Resource
VU#543864

Source: CCN
Type: Microsoft Security Bulletin MS04-037
Vulnerability in Windows Shell Could Allow Remote Code Execution (841356)

Source: BID
Type: Patch, Vendor Advisory
10677

Source: CCN
Type: BID-10677
Microsoft Windows Program Group Converter Filename Local Buffer Overrun Vulnerability

Source: MS
Type: UNKNOWN
MS04-037

Source: XF
Type: UNKNOWN
win-grpconv-bo(16664)

Source: XF
Type: UNKNOWN
win-grpconv-bo(16664)

Source: XF
Type: UNKNOWN
win-ms04037-patch(17662)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1279

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1837

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1843

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:2753

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:3071

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:3768

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:3822

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:4244

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:4493

Vulnerable Configuration:Configuration 1:
  • cpe:/a:microsoft:grpconv:*:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:microsoft:windows_98:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_98se:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_nt:4.0:sp6a:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_me:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:xp:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:-:sp3:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:-:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server::x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_nt:4.0:sp6:*:*:terminal_server:*:x86:*
  • OR cpe:/o:microsoft:windows_xp:-:sp1:*:*:*:*:x64:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:1837
    V
    		Windows XP (64-Bit) Program Group Converter Buffer Overflow in grpconv.exe
    2011-05-16
    oval:org.mitre.oval:def:1843
    V
    		Windows XP (32-Bit) Program Group Converter Buffer Overflow
    2011-05-16
    oval:org.mitre.oval:def:3822
    V
    		Windows XP (64-Bit) Program Group Converter Buffer Overflow in shell32.dll
    2011-05-16
    oval:org.mitre.oval:def:4493
    V
    		Windows 2003 (64-Bit) Program Group Converter Buffer Overflow
    2009-12-21
    oval:org.mitre.oval:def:3071
    V
    		Windows NT Program Group Converter Buffer Overflow
    2008-03-24
    oval:org.mitre.oval:def:4244
    V
    		Windows 2003 (32-Bit) Program Group Converter Buffer Overflow
    2004-12-09
    oval:org.mitre.oval:def:1279
    V
    		Windows 98 Program Group Converter Buffer Overflow
    2004-12-09
    oval:org.mitre.oval:def:3768
    V
    		Windows ME Program Group Converter Buffer Overflow
    2004-12-09
    oval:org.mitre.oval:def:2753
    V
    		Windows 2000 Program Group Converter Buffer Overflow
    2004-12-09
    BACK
    microsoft grpconv *
    microsoft windows 98 *
    microsoft windows 98se *
    microsoft windows nt 4.0 sp6a
    microsoft windows me *
    microsoft windows xp
    microsoft windows 2000 - sp3
    microsoft windows xp - sp1
    microsoft windows 2000 - sp4
    microsoft windows 2003_server
    microsoft windows 2003 server *
    microsoft windows nt 4.0 sp6
    microsoft windows xp - sp1