Vulnerability Description
Carbon Copy 6.0.5257 does not drop system privileges when opening external programs through the help topic interface, which allows local users to gain privileges via (1) the help topic interface in CCW32.exe, which launches Notepad, or (2) the help button in the Carbon Copy Scheduler (CCSched.exe).
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Altiris | Carbon Copy | 5.0 |
References
- http://marc.info/?l=bugtraq&m=109846296406459&w=2
- http://secunia.com/advisories/12962 (Vendor Advisory)
- http://www.securityfocus.com/bid/11500 (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17838
FAQ
What is CVE-2004-1624?
CVE-2004-1624 is a vulnerability with a CVSS score of 7.2 (HIGH). Carbon Copy 6.0.5257 does not drop system privileges when opening external programs through the help topic interface, which allows local users to gain privileges via (1) the help topic interface in CC...
How severe is CVE-2004-1624?
CVE-2004-1624 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2004-1624?
Check the references section above for vendor advisories and patch information. Affected products include: Altiris Carbon Copy.