CVE ID:	CVE-2004-0572
Description:	Buffer overflow in the Windows Program Group Converter (grpconv.exe) may allow remote attackers to execute arbitrary code via a shell: URL with a long filename and a .grp extension, which is not properly handled when the shell capability launches grpconv.exe.
Test IDs:	None available
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0572 http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0290.html Microsoft Security Bulletin: MS04-037 http://www.microsoft.com/technet/security/bulletin/ms04-037.asp CERT/CC vulnerability note: VU#543864 http://www.kb.cert.org/vuls/id/543864 BugTraq ID: 10677 http://www.securityfocus.com/bid/10677 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1279 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1837 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1843 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2753 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3071 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3768 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3822 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4244 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4493 XForce ISS Database: win-grpconv-bo(16664) http://xforce.iss.net/xforce/xfdb/16664 XForce ISS Database: win-ms04037-patch(17662) http://xforce.iss.net/xforce/xfdb/17662

New User Registration Email: UserID: Passwd: Please email me your monthly newsletters, informing the latest services, improvements & surveys. Please email me a vulnerability test announcement whenever a new test is added.     Privacy

Registered User Login   UserID:     Passwd:     Forgot userid or passwd? Email/Userid: