| Vulnerability Name: | CVE-2004-2504 (CCN-18287) | ||||||||
| Assigned: | 2004-11-29 | ||||||||
| Published: | 2004-11-29 | ||||||||
| Updated: | 2017-07-11 | ||||||||
| Summary: | The GUI in Alt-N Technologies MDaemon 7.2 and earlier, including 6.8, executes child processes such as NOTEPAD.EXE with SYSTEM privileges when users create new files, which allows local users with physical access to gain privileges. | ||||||||
| CVSS v3 Severity: | 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Privileges | ||||||||
| References: | Source: BUGTRAQ Type: Exploit 20041129 Privilege escalation flaw in MDaemon 7.2. Source: CCN Type: Full-Disclosure Mailing List, Mon Nov 29 2004 - 09:44:26 CST Privilege escalation flaw in MDaemon 7.2. Source: FULLDISC Type: Exploit 20041129 Privilege escalation flaw in MDaemon 7.2. Source: FULLDISC Type: UNKNOWN 20041130 Re: Privilege escalation flaw in MDaemon 7.2. Source: MITRE Type: CNA CVE-2004-2504 Source: CCN Type: SA13225 MDaemon New File Creation Privilege Escalation Vulnerability Source: SECUNIA Type: Vendor Advisory 13225 Source: CCN Type: SECTRACK ID: 1012350 MDaemon System Tray Icon Lets Local Users Gain System Privileges Source: SECTRACK Type: Exploit 1012350 Source: CCN Type: Alt-N Technologies Web site Alt-N Technologies Source: OSVDB Type: UNKNOWN 12158 Source: CCN Type: OSVDB ID: 12158 MDaemon File Creation Local Privilege Escalation Source: BID Type: UNKNOWN 11736 Source: CCN Type: BID-11736 Alt-N MDaemon Local Privilege Escalation Vulnerability Source: XF Type: UNKNOWN mdaemon-gain-privileges(18287) Source: XF Type: UNKNOWN mdaemon-gain-privileges(18287) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||