CVE-1999-0975 : The Windows help system can allow a local user to execute commands as another user by editing a table of contents metafi

The Windows help system can allow a local user to execute commands as another user by editing a table of contents metafile with a .CNT extension and modifying the topic action to include the commands to be executed when the .hlp file is accessed.

Published 1999-12-10 05:00:00

Updated 2008-09-09 12:36:35

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-1999-0975

Probability of exploitation activity in the next 30 days: 0.05%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 15 % EPSS Score History EPSS FAQ

CVSS scores for CVE-1999-0975

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.6	MEDIUM	AV:L/AC:L/Au:N/C:P/I:P/A:P	3.9	6.4	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-1999-0975

http://www.securityfocus.com/bid/868

Products affected by CVE-1999-0975

Microsoft » Windows Nt » Version: 4.0
cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 95
cpe:2.3:o:microsoft:windows_95:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 98 » Update Gold
cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-1999-0975

Exploit prediction scoring system (EPSS) score for CVE-1999-0975

CVSS scores for CVE-1999-0975

References for CVE-1999-0975

Products affected by CVE-1999-0975