[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2004-2730Date: (C)2004-12-31   (M)2023-12-22


Sysinternals PsTools before 2.05, including (1) PsExec before 1.54, (2) PsGetsid before 1.41, (3) PsInfo before 1.61, (4) PsKill before 1.03, (5) PsList before 1.26, (6) PsLoglist before 2.51, (7) PsPasswd before 1.21, (8) PsService before 2.12, (9) PsSuspend before 1.05, and (10) PsShutdown before 2.32, does not properly disconnect from remote IPC$ and ADMIN$ shares, which allows local users to access the shares with elevated privileges by using the existing share mapping.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.6
Exploit Score: 3.9
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1010737
BID-10759
SECUNIA-12108
OSVDB-8140
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=28304
pstools-gain-admin-access(16743)

CPE    11
cpe:/a:microsoft:pspasswd
cpe:/a:microsoft:sysinternals_pstools
cpe:/a:microsoft:psloglist
cpe:/a:microsoft:pssuspend
...
CWE    1
CWE-264

© SecPod Technologies