Vulnerability Description
The Spy Sweeper Enterprise Client (SpySweeperTray.exe) in WebRoot Spy Sweeper before 2.0 does not drop privileges when using the help functionality, which allows local users to gain privileges.
CVSS Score
7.2
HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Webroot Software | Spy Sweeper Enterprise | 1.5.1_build_3698 |
References
- http://secunia.com/advisories/13187PatchVendor Advisory
- http://secunia.com/secunia_research/2004-14/advisory/PatchVendor Advisory
- http://securitytracker.com/id?1012652PatchVendor Advisory
- http://www.osvdb.org/12534PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18628
- http://secunia.com/advisories/13187PatchVendor Advisory
- http://secunia.com/secunia_research/2004-14/advisory/PatchVendor Advisory
- http://securitytracker.com/id?1012652PatchVendor Advisory
- http://www.osvdb.org/12534PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18628
FAQ
What is CVE-2004-2676?
CVE-2004-2676 is a vulnerability with a CVSS score of 7.2 (HIGH). The Spy Sweeper Enterprise Client (SpySweeperTray.exe) in WebRoot Spy Sweeper before 2.0 does not drop privileges when using the help functionality, which allows local users to gain privileges.
How severe is CVE-2004-2676?
CVE-2004-2676 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-2676?
Check the references section above for vendor advisories and patch information. Affected products include: Webroot Software Spy Sweeper Enterprise.