CVE-2004-0420

critical

Microsoft

CVSS v3 Base Score

10.0

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS Score

47.5%

Exploitation probability in 30 days

Top 2% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Confidentiality

Integrity

Availability

Published: July 7, 2004 (7981 days ago)

Last Modified: April 16, 2026

Vendor: Microsoft

Source: NVD

Description

The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP.

CWE

NVD-CWE-Other

Affected Products

microsoft iemicrosoft internet explorer

References

🔗 secunia.com 🔗 www.kb.cert.org 🔗 www.security-express.com 🔗 www.securityfocus.com 🔗 www.securityfocus.com

CVE-2004-0420

Vulnerability Report

Description

CWE

Affected Products

References