Vulnerability Description
ZAK in Appstation mode allows users to bypass the "Run only allowed apps" policy by starting Explorer from Office 97 applications (such as Word), installing software into the TEMP directory, and changing the name to that for an allowed application, such as Winword.exe.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Zero Administration Kit | 1.0 |
References
- http://marc.info/?l=ntbugtraq&m=91576100022688&w=2
- http://marc.info/?l=ntbugtraq&m=91606260910008&w=2
- http://www.securityfocus.com/bid/181ExploitVendor Advisory
- http://marc.info/?l=ntbugtraq&m=91576100022688&w=2
- http://marc.info/?l=ntbugtraq&m=91606260910008&w=2
- http://www.securityfocus.com/bid/181ExploitVendor Advisory
FAQ
What is CVE-1999-1431?
CVE-1999-1431 is a vulnerability with a CVSS score of 4.6 (MEDIUM). ZAK in Appstation mode allows users to bypass the "Run only allowed apps" policy by starting Explorer from Office 97 applications (such as Word), installing software into the TEMP directory, and chang...
How severe is CVE-1999-1431?
CVE-1999-1431 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-1999-1431?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Zero Administration Kit.