Lucene search

[email protected]CVE-2004-2676

HistoryJan 29, 2007 - 4:00 p.m.

CVE-2004-2676

2007-01-2916:00:00

[email protected]

web.nvd.nist.gov

spy sweeper

enterprise client

privilege escalation

nvd

cve-2004-2676

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

The Spy Sweeper Enterprise Client (SpySweeperTray.exe) in WebRoot Spy Sweeper before 2.0 does not drop privileges when using the help functionality, which allows local users to gain privileges.

Affected configurations

NVD

Node

webroot_softwarespy_sweeper_enterpriseMatch1.5.1_build_3698

CPENameOperatorVersion
webroot_software:spy_sweeper_enterprisewebroot software spy sweeper enterpriseeq1.5.1_build_3698

CPE	Name	Operator	Version
webroot_software:spy_sweeper_enterprise	webroot software spy sweeper enterprise	eq	1.5.1_build_3698

References

secunia.com/advisories/13187

secunia.com/secunia_research/2004-14/advisory/

securitytracker.com/id?1012652

www.osvdb.org/12534

exchange.xforce.ibmcloud.com/vulnerabilities/18628

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2004-2676

cvelist1 securityvulns1 nvd1