Vulnerability Database

324,292

Total vulnerabilities in the database

CVE-2004-1649

Buffer overflow in Microsoft Msinfo32.exe might allow local users to execute arbitrary code via a long filename in the msinfo_file command line parameter. NOTE: this issue might not cross security boundaries, so it may be REJECTED in the future.

Published: Aug 31, 2004
Updated: Nov 9, 2025
CVE: CVE-2004-1649
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
microsoft / windows_2000	-	-

http://lists.grok.org.uk/pipermail/full-disclosure/2004-August/025902.html
http://marc.info/?l=bugtraq&m=109413415205017&w=2
http://marc.info/?l=full-disclosure&m=109391133831787&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/17153

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo