CVE-2004-1624
Severity Score
7.2
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Carbon Copy 6.0.5257 does not drop system privileges when opening external programs through the help topic interface, which allows local users to gain privileges via (1) the help topic interface in CCW32.exe, which launches Notepad, or (2) the help button in the Carbon Copy Scheduler (CCSched.exe).
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2004-10-21 CVE Published
- 2005-02-20 CVE Reserved
- 2023-03-08 EPSS Updated
- 2024-08-08 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://marc.info/?l=bugtraq&m=109846296406459&w=2 | Mailing List | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17838 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/12962 | 2017-07-11 | |
| http://www.securityfocus.com/bid/11500 | 2017-07-11 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Altiris Search vendor "Altiris" | Carbon Copy Search vendor "Altiris" for product "Carbon Copy" | 5.0 Search vendor "Altiris" for product "Carbon Copy" and version "5.0" | - |
Affected
| ||||||
| Altiris Search vendor "Altiris" | Carbon Copy Search vendor "Altiris" for product "Carbon Copy" | 6.0 Search vendor "Altiris" for product "Carbon Copy" and version "6.0" | - |
Affected
| ||||||