CVE-2004-0420Microsoft Internet Explorer vulnerability

3 documents3 sources
Severity
10.0CRITICALNVD
EPSS
47.5%
top 2.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft IEMicrosoft Internet Explorer
Timeline
PublishedJul 7
Latest updateApr 29

Description

The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

NVDmicrosoft/internet_explorer6.0, 6.0.2800.1106+1
NVDmicrosoft/ie6.0

🔴Vulnerability Details

2
GHSA
GHSA-24gh-95jq-75q6: The Windows Shell application in Windows 98, Windows ME, Windows NT 42022-04-29
CVEList
CVE-2004-0420: The Windows Shell application in Windows 98, Windows ME, Windows NT 42004-04-20
CVE-2004-0420 — Microsoft vulnerability | cvebase