CVE-2004-2289

Microsoft Windows XP Explorer - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-2289. PoCs published by Roozbeh Afrasiabi.

AI-analyzed exploit summary This exploit leverages a vulnerability in Windows Explorer on Windows XP, allowing arbitrary code execution when a malicious folder is accessed. The PoC demonstrates executing NetMeeting and installing a keylogger by referencing executable content within the folder.

Description

Microsoft Windows XP Explorer allows local users to execute arbitrary code via a system folder with a Desktop.ini file containing a .ShellClassInfo specifier with a CLSID value that is associated with an executable file.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Roozbeh Afrasiabi · textremotewindows

https://www.exploit-db.com/exploits/24125

View Code ZIP pw:eip

This exploit leverages a vulnerability in Windows Explorer on Windows XP, allowing arbitrary code execution when a malicious folder is accessed. The PoC demonstrates executing NetMeeting and installing a keylogger by referencing executable content within the folder.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Windows XP

No auth needed

Prerequisites: Access to the target system via local or SMB share · User interaction to open the malicious folder

MITRE ATT&CK