Lucene search

[email protected]CVE-2002-1230

HistoryNov 04, 2002 - 5:00 a.m.

CVE-2002-1230

2002-11-0405:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

netdde

windows nt 4.0

windows 2000

windows xp

localsystem

privilege elevation

cve-2002-1230

nvd

7.3 High

AI Score

Confidence

High

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

9.8%

JSON

NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code as LocalSystem via “shatter” style attack by sending a WM_COPYDATA message followed by a WM_TIMER message, as demonstrated by GetAd, aka “Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation.”

CPENameOperatorVersion
microsoft:windows_2000_terminal_servicesmicrosoft windows 2000 terminal serviceseq*
microsoft:windows_2000microsoft windows 2000eq*

CPE	Name	Operator	Version
microsoft:windows_2000_terminal_services	microsoft windows 2000 terminal services	eq	*
microsoft:windows_2000	microsoft windows 2000	eq	*

References

getad.chat.ru/

www.ciac.org/ciac/bulletins/n-027.shtml

www.iss.net/security_center/static/10343.php

www.packetstormsecurity.nl/filedesc/GetAd.c.html

www.securityfocus.com/bid/5927

docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-071

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A681

7.3 High

AI Score

Confidence

High

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

9.8%

JSON

Related for CVE-2002-1230

nessus1 securityvulns1 openvas2