Lucene search

[email protected]CVE-2002-0367

HistoryJun 25, 2002 - 4:00 a.m.

CVE-2002-0367

2002-06-2504:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

832

In Wild

windows nt

windows 2000

smss.exe

debugging

vulnerability

privilege escalation

cve-2002-0367

nvd

8.8 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

35.9%

JSON

smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.

CPENameOperatorVersion
microsoft:windows_ntmicrosoft windows nteq4.0
microsoft:windows_2000microsoft windows 2000eq*

CPE	Name	Operator	Version
microsoft:windows_nt	microsoft windows nt	eq	4.0
microsoft:windows_2000	microsoft windows 2000	eq	*

References

marc.info/?l=ntbugtraq&m=101614320402695&w=2

www.iss.net/security_center/static/8462.php

www.securityfocus.com/archive/1/262074

www.securityfocus.com/archive/1/264441

www.securityfocus.com/archive/1/264927

www.securityfocus.com/bid/4287

docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-024

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A158

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A76

Social References

8.8 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

35.9%

JSON

Related for CVE-2002-0367

cisa_kev1 openvas2 nessus1 attackerkb1 malwarebytes1