Arbitrary Code Execution via Desktop.ini File in Windows XP Explorer

Arbitrary Code Execution via Desktop.ini File in Windows XP Explorer

CVE-2004-2289 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

Microsoft Windows XP Explorer allows local users to execute arbitrary code via a system folder with a Desktop.ini file containing a .ShellClassInfo specifier with a CLSID value that is associated with an executable file.

Learn more about our Cis Benchmark Audit For Desktop Software.