CVE-2004-1624
First published: Thu Oct 21 2004(Updated: )
Carbon Copy 6.0.5257 does not drop system privileges when opening external programs through the help topic interface, which allows local users to gain privileges via (1) the help topic interface in CCW32.exe, which launches Notepad, or (2) the help button in the Carbon Copy Scheduler (CCSched.exe).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Altiris Carbon Copy | =6.0 | |
| Altiris Carbon Copy | =5.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2004-1624?
CVE-2004-1624 is considered a medium-severity vulnerability due to its potential for privilege escalation.
How do I fix CVE-2004-1624?
To fix CVE-2004-1624, upgrade to a patched version of Carbon Copy that addresses this vulnerability.
What systems are affected by CVE-2004-1624?
CVE-2004-1624 affects Altiris Carbon Copy versions 5.0 and 6.0.
Can CVE-2004-1624 be exploited remotely?
CVE-2004-1624 cannot be exploited remotely as it requires local user access to the system.
What is the cause of CVE-2004-1624?
CVE-2004-1624 is caused by Carbon Copy not dropping system privileges when executing external programs through its help interface.
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/tags
- agent/author
- agent/event
- agent/description
- agent/source
- vendor/altiris
- canonical/altiris carbon copy
- version/altiris carbon copy/6.0
- version/altiris carbon copy/5.0