{"api_version":"1","generated_at":"2026-04-23T00:40:04+00:00","cve":"CVE-2004-1149","urls":{"html":"https://cve.report/CVE-2004-1149","api":"https://cve.report/api/cve/CVE-2004-1149.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2004-1149","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2004-1149"},"summary":{"title":"CVE-2004-1149","description":"Computer Associates eTrust EZ Antivirus 7.0.0 to 7.0.4, including 7.0.1.4, installs its files with insecure permissions (ACLs), which allows local users to gain privileges by replacing critical programs with malicious ones, as demonstrated using VetMsg.exe.","state":"PUBLISHED","assigner":"mitre","published_at":"2005-01-10 05:00:00","updated_at":"2025-04-03 01:03:51"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"7.2","severity":"","vector":"AV:L/AC:L/Au:N/C:C/I:C/A:C","data":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"http://crm.my-etrust.com/login.asp?username=guest&target=DOCUMENT&openparameter","name":"http://crm.my-etrust.com/login.asp?username=guest&target=DOCUMENT&openparameter","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Unicenter ServicePlus Knowledge Tools","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/18502","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/18502","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.idefense.com/application/poi/display?id=164","name":"http://www.idefense.com/application/poi/display?id=164","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"iDEFENSE","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2004-1149","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2004-1149","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2004","cve_id":"1149","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"broadcom","cpe5":"etrust_ez_antivirus","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"1149","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"broadcom","cpe5":"etrust_ez_antivirus","cpe6":"7.0.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"1149","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"broadcom","cpe5":"etrust_ez_antivirus","cpe6":"7.0.1.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"1149","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"broadcom","cpe5":"etrust_ez_antivirus","cpe6":"7.0.1.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"1149","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"broadcom","cpe5":"etrust_ez_antivirus","cpe6":"7.0.1.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"1149","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"broadcom","cpe5":"etrust_ez_antivirus","cpe6":"7.0.1.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"1149","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"broadcom","cpe5":"etrust_ez_antivirus","cpe6":"7.0.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"1149","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"broadcom","cpe5":"etrust_ez_antivirus","cpe6":"7.0.2.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"1149","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"broadcom","cpe5":"etrust_ez_antivirus","cpe6":"7.0.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"1149","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"broadcom","cpe5":"etrust_ez_antivirus","cpe6":"7.0.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-08T00:39:00.869Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"etrust-antivirus-insecure-permissions(18502)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/18502"},{"name":"20041215 Computer Associates eTrust EZ Antivirus Insecure File Permission Vulnerability","tags":["third-party-advisory","x_refsource_IDEFENSE","x_transferred"],"url":"http://www.idefense.com/application/poi/display?id=164"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://crm.my-etrust.com/login.asp?username=guest&target=DOCUMENT&openparameter"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2004-12-15T00:00:00.000Z","descriptions":[{"lang":"en","value":"Computer Associates eTrust EZ Antivirus 7.0.0 to 7.0.4, including 7.0.1.4, installs its files with insecure permissions (ACLs), which allows local users to gain privileges by replacing critical programs with malicious ones, as demonstrated using VetMsg.exe."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-07-10T14:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"etrust-antivirus-insecure-permissions(18502)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/18502"},{"name":"20041215 Computer Associates eTrust EZ Antivirus Insecure File Permission Vulnerability","tags":["third-party-advisory","x_refsource_IDEFENSE"],"url":"http://www.idefense.com/application/poi/display?id=164"},{"tags":["x_refsource_CONFIRM"],"url":"http://crm.my-etrust.com/login.asp?username=guest&target=DOCUMENT&openparameter"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2004-1149","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Computer Associates eTrust EZ Antivirus 7.0.0 to 7.0.4, including 7.0.1.4, installs its files with insecure permissions (ACLs), which allows local users to gain privileges by replacing critical programs with malicious ones, as demonstrated using VetMsg.exe."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"etrust-antivirus-insecure-permissions(18502)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/18502"},{"name":"20041215 Computer Associates eTrust EZ Antivirus Insecure File Permission Vulnerability","refsource":"IDEFENSE","url":"http://www.idefense.com/application/poi/display?id=164"},{"name":"http://crm.my-etrust.com/login.asp?username=guest&target=DOCUMENT&openparameter","refsource":"CONFIRM","url":"http://crm.my-etrust.com/login.asp?username=guest&target=DOCUMENT&openparameter"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2004-1149","datePublished":"2004-12-22T05:00:00.000Z","dateReserved":"2004-12-07T00:00:00.000Z","dateUpdated":"2024-08-08T00:39:00.869Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2005-01-10 05:00:00","lastModifiedDate":"2025-04-03 01:03:51","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":true,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:etrust_ez_antivirus:7.0:*:*:*:*:*:*:*","matchCriteriaId":"538F7CEC-D8A8-444F-9A9C-D1FF01EA7450"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:etrust_ez_antivirus:7.0.1:*:*:*:*:*:*:*","matchCriteriaId":"9DC48481-85D1-4994-A0FC-52EEB10674DC"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:etrust_ez_antivirus:7.0.1.1:*:*:*:*:*:*:*","matchCriteriaId":"88DEEF09-6AA0-4CF8-A628-20391E4760BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:etrust_ez_antivirus:7.0.1.2:*:*:*:*:*:*:*","matchCriteriaId":"3E7B39A0-DC49-4B16-849C-A2DEB0D5266D"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:etrust_ez_antivirus:7.0.1.3:*:*:*:*:*:*:*","matchCriteriaId":"5D8FED44-3636-4185-A04F-2A513C39BC37"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:etrust_ez_antivirus:7.0.1.4:*:*:*:*:*:*:*","matchCriteriaId":"1C6ED59B-E249-47EF-9832-D0F61ECEA48D"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:etrust_ez_antivirus:7.0.2:*:*:*:*:*:*:*","matchCriteriaId":"76435176-7C11-4022-9FE2-DF67D1344219"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:etrust_ez_antivirus:7.0.2.1:*:*:*:*:*:*:*","matchCriteriaId":"004D428A-AA27-4F6C-9486-B49826FFD267"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:etrust_ez_antivirus:7.0.3:*:*:*:*:*:*:*","matchCriteriaId":"C296FCA2-7871-49F2-A221-B3CC38B28BFE"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:etrust_ez_antivirus:7.0.4:*:*:*:*:*:*:*","matchCriteriaId":"C6F02886-32E3-44DF-A851-823F0F343D62"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2004","CveId":"1149","Ordinal":"1","Title":"CVE-2004-1149","CVE":"CVE-2004-1149","Year":"2004"},"notes":[{"CveYear":"2004","CveId":"1149","Ordinal":"1","NoteData":"Computer Associates eTrust EZ Antivirus 7.0.0 to 7.0.4, including 7.0.1.4, installs its files with insecure permissions (ACLs), which allows local users to gain privileges by replacing critical programs with malicious ones, as demonstrated using VetMsg.exe.","Type":"Description","Title":"CVE-2004-1149"},{"CveYear":"2004","CveId":"1149","Ordinal":"2","NoteData":"2004-12-22","Type":"Other","Title":"Published"},{"CveYear":"2004","CveId":"1149","Ordinal":"3","NoteData":"2017-07-10","Type":"Other","Title":"Modified"}]}}}