Lucene search

[email protected]CVE-2002-1184

HistorySep 01, 2004 - 4:00 a.m.

CVE-2002-1184

2004-09-0104:00:00

[email protected]

web.nvd.nist.gov

cve-2002-1184

microsoft windows 2000

default permissions

everyone group

full access

search path

privilege escalation

trojan horse programs

nvd

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

20.3%

JSON

The system root folder of Microsoft Windows 2000 has default permissions of Everyone group with Full access (Everyone:F) and is in the search path when locating programs during login or application launch from the desktop, which could allow attackers to gain privileges as other users via Trojan horse programs.

Affected configurations

NVD

Node

microsoftwindows_2000

microsoftwindows_2000sp1

microsoftwindows_2000sp2

microsoftwindows_2000sp3

microsoftwindows_ntMatch4.0enterprise_server

microsoftwindows_ntMatch4.0server

microsoftwindows_ntMatch4.0workstation

microsoftwindows_ntMatch4.0sp1enterprise_server

microsoftwindows_ntMatch4.0sp1server

microsoftwindows_ntMatch4.0sp1workstation

microsoftwindows_ntMatch4.0sp2enterprise_server

microsoftwindows_ntMatch4.0sp2server

microsoftwindows_ntMatch4.0sp2workstation

microsoftwindows_ntMatch4.0sp3enterprise_server

microsoftwindows_ntMatch4.0sp3server

microsoftwindows_ntMatch4.0sp3workstation

microsoftwindows_ntMatch4.0sp4enterprise_server

microsoftwindows_ntMatch4.0sp4server

microsoftwindows_ntMatch4.0sp4workstation

microsoftwindows_ntMatch4.0sp5enterprise_server

microsoftwindows_ntMatch4.0sp5server

microsoftwindows_ntMatch4.0sp5workstation

microsoftwindows_ntMatch4.0sp6enterprise_server

microsoftwindows_ntMatch4.0sp6server

microsoftwindows_ntMatch4.0sp6workstation

microsoftwindows_ntMatch4.0sp6aenterprise_server

microsoftwindows_ntMatch4.0sp6aserver

microsoftwindows_ntMatch4.0sp6aworkstation

CPENameOperatorVersion
microsoft:windows_2000microsoft windows 2000eq*
microsoft:windows_ntmicrosoft windows nteq4.0

CPE	Name	Operator	Version
microsoft:windows_2000	microsoft windows 2000	eq	*
microsoft:windows_nt	microsoft windows nt	eq	4.0

References

www.securityfocus.com/bid/5415

docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-064

exchange.xforce.ibmcloud.com/vulnerabilities/9779

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

20.3%

JSON

Related for CVE-2002-1184

cvelist1 nvd1