ID CVE-2004-0572
Summary Buffer overflow in the Windows Program Group Converter (grpconv.exe) may allow remote attackers to execute arbitrary code via a shell: URL with a long filename and a .grp extension, which is not properly handled when the shell capability launches grpconv.exe.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:grpconv:*:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:grpconv:*:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 12-10-2018 - 21:34)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
oval via4
  • accepted 2004-12-09T08:46:00.000-04:00
    class vulnerability
    contributors
    name Andrew Buttner
    organization The MITRE Corporation
    description Buffer overflow in the Windows Program Group Converter (grpconv.exe) may allow remote attackers to execute arbitrary code via a shell: URL with a long filename and a .grp extension, which is not properly handled when the shell capability launches grpconv.exe.
    family windows
    id oval:org.mitre.oval:def:1279
    status accepted
    submitted 2004-10-14T03:38:00.000-04:00
    title Windows 98 Program Group Converter Buffer Overflow
    version 2
  • accepted 2011-05-16T04:01:55.499-04:00
    class vulnerability
    contributors
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Dragos Prisaca
      organization Gideon Technologies, Inc.
    • name Dragos Prisaca
      organization Gideon Technologies, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Buffer overflow in the Windows Program Group Converter (grpconv.exe) may allow remote attackers to execute arbitrary code via a shell: URL with a long filename and a .grp extension, which is not properly handled when the shell capability launches grpconv.exe.
    family windows
    id oval:org.mitre.oval:def:1837
    status accepted
    submitted 2004-10-14T03:39:00.000-04:00
    title Windows XP (64-Bit) Program Group Converter Buffer Overflow in grpconv.exe
    version 72
  • accepted 2011-05-16T04:01:56.952-04:00
    class vulnerability
    contributors
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Buffer overflow in the Windows Program Group Converter (grpconv.exe) may allow remote attackers to execute arbitrary code via a shell: URL with a long filename and a .grp extension, which is not properly handled when the shell capability launches grpconv.exe.
    family windows
    id oval:org.mitre.oval:def:1843
    status accepted
    submitted 2004-10-14T03:39:00.000-04:00
    title Windows XP (32-Bit) Program Group Converter Buffer Overflow
    version 69
  • accepted 2004-12-09T08:46:00.000-04:00
    class vulnerability
    contributors
    name Andrew Buttner
    organization The MITRE Corporation
    description Buffer overflow in the Windows Program Group Converter (grpconv.exe) may allow remote attackers to execute arbitrary code via a shell: URL with a long filename and a .grp extension, which is not properly handled when the shell capability launches grpconv.exe.
    family windows
    id oval:org.mitre.oval:def:2753
    status accepted
    submitted 2004-10-14T03:39:00.000-04:00
    title Windows 2000 Program Group Converter Buffer Overflow
    version 63
  • accepted 2008-03-24T04:00:26.547-04:00
    class vulnerability
    contributors
    • name Andrew Buttner
      organization The MITRE Corporation
    • name John Hoyland
      organization Centennial Software
    • name Jonathan Baker
      organization The MITRE Corporation
    definition_extensions
    comment Microsoft Windows NT is installed
    oval oval:org.mitre.oval:def:36
    description Buffer overflow in the Windows Program Group Converter (grpconv.exe) may allow remote attackers to execute arbitrary code via a shell: URL with a long filename and a .grp extension, which is not properly handled when the shell capability launches grpconv.exe.
    family windows
    id oval:org.mitre.oval:def:3071
    status accepted
    submitted 2004-10-14T03:39:00.000-04:00
    title Windows NT Program Group Converter Buffer Overflow
    version 69
  • accepted 2004-12-09T08:46:00.000-04:00
    class vulnerability
    contributors
    name Andrew Buttner
    organization The MITRE Corporation
    description Buffer overflow in the Windows Program Group Converter (grpconv.exe) may allow remote attackers to execute arbitrary code via a shell: URL with a long filename and a .grp extension, which is not properly handled when the shell capability launches grpconv.exe.
    family windows
    id oval:org.mitre.oval:def:3768
    status accepted
    submitted 2004-10-14T03:38:00.000-04:00
    title Windows ME Program Group Converter Buffer Overflow
    version 2
  • accepted 2011-05-16T04:02:53.715-04:00
    class vulnerability
    contributors
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Dragos Prisaca
      organization Gideon Technologies, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Buffer overflow in the Windows Program Group Converter (grpconv.exe) may allow remote attackers to execute arbitrary code via a shell: URL with a long filename and a .grp extension, which is not properly handled when the shell capability launches grpconv.exe.
    family windows
    id oval:org.mitre.oval:def:3822
    status accepted
    submitted 2004-10-14T03:38:00.000-04:00
    title Windows XP (64-Bit) Program Group Converter Buffer Overflow in shell32.dll
    version 71
  • accepted 2004-12-09T08:46:00.000-04:00
    class vulnerability
    contributors
    name Andrew Buttner
    organization The MITRE Corporation
    description Buffer overflow in the Windows Program Group Converter (grpconv.exe) may allow remote attackers to execute arbitrary code via a shell: URL with a long filename and a .grp extension, which is not properly handled when the shell capability launches grpconv.exe.
    family windows
    id oval:org.mitre.oval:def:4244
    status accepted
    submitted 2004-10-14T03:39:00.000-04:00
    title Windows 2003 (32-Bit) Program Group Converter Buffer Overflow
    version 63
  • accepted 2009-12-21T04:00:31.880-05:00
    class vulnerability
    contributors
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Dragos Prisaca
      organization Gideon Technologies, Inc.
    • name Dragos Prisaca
      organization Gideon Technologies, Inc.
    description Buffer overflow in the Windows Program Group Converter (grpconv.exe) may allow remote attackers to execute arbitrary code via a shell: URL with a long filename and a .grp extension, which is not properly handled when the shell capability launches grpconv.exe.
    family windows
    id oval:org.mitre.oval:def:4493
    status accepted
    submitted 2004-10-14T03:39:00.000-04:00
    title Windows 2003 (64-Bit) Program Group Converter Buffer Overflow
    version 67
refmap via4
bid 10677
cert-vn VU#543864
fulldisc 20040707 Re: shell:windows command question
ms MS04-037
xf
  • win-grpconv-bo(16664)
  • win-ms04037-patch(17662)
Last major update 12-10-2018 - 21:34
Published 03-11-2004 - 05:00
Back to Top