Details of VAR-200501-0208

ID

VAR-200501-0208

CVE

CVE-2004-1313

TITLE

Webroot MyFirewallPlus smc.exe Privilege escalation vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200501-161

DESCRIPTION

The Smc.exe process in My Firewall Plus 5.0 build 1117, and possibly other versions, does not drop privileges before invoking help, which allows local users to gain privileges. My Firewall Plus is prone to a local security vulnerability

Trust: 1.26

sources: NVD: CVE-2004-1313 // BID: 90486 // VULHUB: VHN-9743

AFFECTED PRODUCTS

vendor:	webroot	model:	my firewall plus	scope:	eq	version:	5.0	Trust: 1.6
vendor:	webroot	model:	software my firewall plus	scope:	eq	version:	5.0	Trust: 0.3

sources: BID: 90486 // CNNVD: CNNVD-200501-161 // NVD: CVE-2004-1313

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-1313
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200501-161
value:	HIGH
Trust: 0.6
VULHUB:	VHN-9743
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2004-1313
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-9743
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-9743 // CNNVD: CNNVD-200501-161 // NVD: CVE-2004-1313

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-1313

THREAT TYPE

local

Trust: 0.9

sources: BID: 90486 // CNNVD: CNNVD-200501-161

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200501-161

EXTERNAL IDS

db:	NVD	id:	CVE-2004-1313	Trust: 2.0
db:	XF	id:	18622	Trust: 0.9
db:	CNNVD	id:	CNNVD-200501-161	Trust: 0.7
db:	BID	id:	90486	Trust: 0.4
db:	VULHUB	id:	VHN-9743	Trust: 0.1

sources: VULHUB: VHN-9743 // BID: 90486 // CNNVD: CNNVD-200501-161 // NVD: CVE-2004-1313

REFERENCES

url:	http://secunia.com/secunia_research/2004-16/	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/18622	Trust: 1.1
url:	http://xforce.iss.net/xforce/xfdb/18622	Trust: 0.9
url:	-	Trust: 0.1

sources: VULHUB: VHN-9743 // BID: 90486 // CNNVD: CNNVD-200501-161 // NVD: CVE-2004-1313

CREDITS

Unknown

Trust: 0.3

sources: BID: 90486

SOURCES

db:	VULHUB	id:	VHN-9743
db:	BID	id:	90486
db:	CNNVD	id:	CNNVD-200501-161
db:	NVD	id:	CVE-2004-1313

LAST UPDATE DATE

2024-08-14T13:51:12.203000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-9743	date:	2017-07-11T00:00:00
db:	BID	id:	90486	date:	2005-01-10T00:00:00
db:	CNNVD	id:	CNNVD-200501-161	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2004-1313	date:	2017-07-11T01:30:54.887

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-9743	date:	2005-01-10T00:00:00
db:	BID	id:	90486	date:	2005-01-10T00:00:00
db:	CNNVD	id:	CNNVD-200501-161	date:	2005-01-10T00:00:00
db:	NVD	id:	CVE-2004-1313	date:	2005-01-10T05:00:00