{"api_version":"1","generated_at":"2026-04-23T08:38:17+00:00","cve":"CVE-2004-2504","urls":{"html":"https://cve.report/CVE-2004-2504","api":"https://cve.report/api/cve/CVE-2004-2504.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2004-2504","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2004-2504"},"summary":{"title":"CVE-2004-2504","description":"The GUI in Alt-N Technologies MDaemon 7.2 and earlier, including 6.8, executes child processes such as NOTEPAD.EXE with SYSTEM privileges when users create new files, which allows local users with physical access to gain privileges.","state":"PUBLISHED","assigner":"mitre","published_at":"2004-12-31 05:00:00","updated_at":"2025-04-03 01:03:51"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"7.2","severity":"","vector":"AV:L/AC:L/Au:N/C:C/I:C/A:C","data":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"http://www.securityfocus.com/bid/11736","name":"http://www.securityfocus.com/bid/11736","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Alt-N MDaemon Local Privilege Escalation Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1353.html","name":"http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1353.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/18287","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/18287","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/13225","name":"http://secunia.com/advisories/13225","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Secunia - Advisories - MDaemon New File Creation Privilege Escalation Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://archives.neohapsis.com/archives/bugtraq/2004-11/0385.html","name":"http://archives.neohapsis.com/archives/bugtraq/2004-11/0385.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"],"title":"","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://securitytracker.com/id?1012350","name":"http://securitytracker.com/id?1012350","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"],"title":"SecurityTracker.com Archives - MDaemon System Tray Icon Lets Local Users Gain System Privileges","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.osvdb.org/12158","name":"http://www.osvdb.org/12158","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1324.html","name":"http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1324.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"],"title":"","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2004-2504","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2004-2504","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2004","cve_id":"2504","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"alt-n","cpe5":"mdaemon","cpe6":"6.8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2504","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"alt-n","cpe5":"mdaemon","cpe6":"6.8.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2504","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"alt-n","cpe5":"mdaemon","cpe6":"6.8.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2504","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"alt-n","cpe5":"mdaemon","cpe6":"6.8.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2504","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"alt-n","cpe5":"mdaemon","cpe6":"6.8.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2504","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"alt-n","cpe5":"mdaemon","cpe6":"6.8.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2504","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"alt-n","cpe5":"mdaemon","cpe6":"7.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-08T01:29:13.669Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"mdaemon-gain-privileges(18287)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/18287"},{"name":"1012350","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://securitytracker.com/id?1012350"},{"name":"13225","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/13225"},{"name":"20041129 Privilege escalation flaw in MDaemon 7.2.","tags":["mailing-list","x_refsource_FULLDISC","x_transferred"],"url":"http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1324.html"},{"name":"12158","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://www.osvdb.org/12158"},{"name":"11736","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/11736"},{"name":"20041130 Re: Privilege escalation flaw in MDaemon 7.2.","tags":["mailing-list","x_refsource_FULLDISC","x_transferred"],"url":"http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1353.html"},{"name":"20041129 Privilege escalation flaw in MDaemon 7.2.","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://archives.neohapsis.com/archives/bugtraq/2004-11/0385.html"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2004-11-29T00:00:00.000Z","descriptions":[{"lang":"en","value":"The GUI in Alt-N Technologies MDaemon 7.2 and earlier, including 6.8, executes child processes such as NOTEPAD.EXE with SYSTEM privileges when users create new files, which allows local users with physical access to gain privileges."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-07-10T14:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"mdaemon-gain-privileges(18287)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/18287"},{"name":"1012350","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://securitytracker.com/id?1012350"},{"name":"13225","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/13225"},{"name":"20041129 Privilege escalation flaw in MDaemon 7.2.","tags":["mailing-list","x_refsource_FULLDISC"],"url":"http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1324.html"},{"name":"12158","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://www.osvdb.org/12158"},{"name":"11736","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/11736"},{"name":"20041130 Re: Privilege escalation flaw in MDaemon 7.2.","tags":["mailing-list","x_refsource_FULLDISC"],"url":"http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1353.html"},{"name":"20041129 Privilege escalation flaw in MDaemon 7.2.","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://archives.neohapsis.com/archives/bugtraq/2004-11/0385.html"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2004-2504","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The GUI in Alt-N Technologies MDaemon 7.2 and earlier, including 6.8, executes child processes such as NOTEPAD.EXE with SYSTEM privileges when users create new files, which allows local users with physical access to gain privileges."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"mdaemon-gain-privileges(18287)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/18287"},{"name":"1012350","refsource":"SECTRACK","url":"http://securitytracker.com/id?1012350"},{"name":"13225","refsource":"SECUNIA","url":"http://secunia.com/advisories/13225"},{"name":"20041129 Privilege escalation flaw in MDaemon 7.2.","refsource":"FULLDISC","url":"http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1324.html"},{"name":"12158","refsource":"OSVDB","url":"http://www.osvdb.org/12158"},{"name":"11736","refsource":"BID","url":"http://www.securityfocus.com/bid/11736"},{"name":"20041130 Re: Privilege escalation flaw in MDaemon 7.2.","refsource":"FULLDISC","url":"http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1353.html"},{"name":"20041129 Privilege escalation flaw in MDaemon 7.2.","refsource":"BUGTRAQ","url":"http://archives.neohapsis.com/archives/bugtraq/2004-11/0385.html"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2004-2504","datePublished":"2005-10-25T04:00:00.000Z","dateReserved":"2005-10-25T00:00:00.000Z","dateUpdated":"2024-08-08T01:29:13.669Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2004-12-31 05:00:00","lastModifiedDate":"2025-04-03 01:03:51","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":true,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:alt-n:mdaemon:6.8.0:*:*:*:*:*:*:*","matchCriteriaId":"437D2888-340C-48AB-815E-C04E5DE44CAC"},{"vulnerable":true,"criteria":"cpe:2.3:a:alt-n:mdaemon:6.8.1:*:*:*:*:*:*:*","matchCriteriaId":"46604A07-FBB0-4111-8B1C-2D01086BBB71"},{"vulnerable":true,"criteria":"cpe:2.3:a:alt-n:mdaemon:6.8.2:*:*:*:*:*:*:*","matchCriteriaId":"3AD17AD0-27FE-49F5-A23D-2DE672D87C17"},{"vulnerable":true,"criteria":"cpe:2.3:a:alt-n:mdaemon:6.8.3:*:*:*:*:*:*:*","matchCriteriaId":"4141E02E-C2DA-42C0-ABAB-62AFE4F869AB"},{"vulnerable":true,"criteria":"cpe:2.3:a:alt-n:mdaemon:6.8.4:*:*:*:*:*:*:*","matchCriteriaId":"32AA5447-4879-41A7-8F92-CAB0C3CD5E6D"},{"vulnerable":true,"criteria":"cpe:2.3:a:alt-n:mdaemon:6.8.5:*:*:*:*:*:*:*","matchCriteriaId":"2A9121D0-504E-444B-94C3-0E5C240376C4"},{"vulnerable":true,"criteria":"cpe:2.3:a:alt-n:mdaemon:7.2:*:*:*:*:*:*:*","matchCriteriaId":"BA25D7ED-BA8E-45E0-9399-B85499EF74D5"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2004","CveId":"2504","Ordinal":"1","Title":"CVE-2004-2504","CVE":"CVE-2004-2504","Year":"2004"},"notes":[{"CveYear":"2004","CveId":"2504","Ordinal":"1","NoteData":"The GUI in Alt-N Technologies MDaemon 7.2 and earlier, including 6.8, executes child processes such as NOTEPAD.EXE with SYSTEM privileges when users create new files, which allows local users with physical access to gain privileges.","Type":"Description","Title":"CVE-2004-2504"},{"CveYear":"2004","CveId":"2504","Ordinal":"2","NoteData":"2005-10-25","Type":"Other","Title":"Published"},{"CveYear":"2004","CveId":"2504","Ordinal":"3","NoteData":"2017-07-10","Type":"Other","Title":"Modified"}]}}}