Lucene search

MitreCVE-2002-2132

HistoryNov 16, 2005 - 7:37 a.m.

CVE-2002-2132

2005-11-1607:37:00

mitre

web.nvd.nist.gov

cve-2002-2132

windows

file protection

wfp

windows 2000

windows xp

security catalog

.cat files

vulnerability

hash codes

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.8

Confidence

Low

EPSS

0.001

Percentile

37.8%

JSON

Windows File Protection (WFP) in Windows 2000 and XP does not remove old security catalog .CAT files, which could allow local users to replace new files with vulnerable old files that have valid hash codes.

Affected configurations

Nvd

Node

microsoftwindows_2000datacenter_server

microsoftwindows_2000professional

microsoftwindows_2000server

microsoftwindows_2000jaserver

microsoftwindows_2000sp1advanced_server

microsoftwindows_2000sp1datacenter_server

microsoftwindows_2000sp1professional

microsoftwindows_2000sp1server

microsoftwindows_2000sp2advanced_server

microsoftwindows_2000sp2datacenter_server

microsoftwindows_2000sp2professional

microsoftwindows_2000sp2server

microsoftwindows_2000sp3advanced_server

microsoftwindows_2000sp3datacenter_server

microsoftwindows_2000sp3professional

microsoftwindows_2000sp3server

microsoftwindows_xpx64

microsoftwindows_xphome

microsoftwindows_xpgoldprofessional

microsoftwindows_xpsp1x64

microsoftwindows_xpsp1home

VendorProductVersionCPE
microsoftwindows_2000*cpe:2.3:o:microsoft:windows_2000:*:*:*:*:datacenter_server:*:*:*
microsoftwindows_2000*cpe:2.3:o:microsoft:windows_2000:*:*:*:*:professional:*:*:*
microsoftwindows_2000*cpe:2.3:o:microsoft:windows_2000:*:*:*:*:server:*:*:*
microsoftwindows_2000*cpe:2.3:o:microsoft:windows_2000:*:*:*:ja:server:*:*:*
microsoftwindows_2000*cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:advanced_server:*:*:*
microsoftwindows_2000*cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:datacenter_server:*:*:*
microsoftwindows_2000*cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:professional:*:*:*
microsoftwindows_2000*cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:server:*:*:*
microsoftwindows_2000*cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:advanced_server:*:*:*
microsoftwindows_2000*cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:datacenter_server:*:*:*

Vendor	Product	Version	CPE
microsoft	windows_2000	*	cpe:2.3:o:microsoft:windows_2000:::::datacenter_server:::*
microsoft	windows_2000	*	cpe:2.3:o:microsoft:windows_2000:::::professional:::*
microsoft	windows_2000	*	cpe:2.3:o:microsoft:windows_2000:::::server:::*
microsoft	windows_2000	*	cpe:2.3:o:microsoft:windows_2000::::ja:server:::
microsoft	windows_2000	*	cpe:2.3:o:microsoft:windows_2000::sp1:::advanced_server:::
microsoft	windows_2000	*	cpe:2.3:o:microsoft:windows_2000::sp1:::datacenter_server:::
microsoft	windows_2000	*	cpe:2.3:o:microsoft:windows_2000::sp1:::professional:::
microsoft	windows_2000	*	cpe:2.3:o:microsoft:windows_2000::sp1:::server:::
microsoft	windows_2000	*	cpe:2.3:o:microsoft:windows_2000::sp2:::advanced_server:::
microsoft	windows_2000	*	cpe:2.3:o:microsoft:windows_2000::sp2:::datacenter_server:::

Rows per page:

1-10 of 211

References

archives.neohapsis.com/archives/bugtraq/2002-12/0250.html

www.iss.net/security_center/static/10957.php

www.securityfocus.com/bid/6483

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.8

Confidence

Low

EPSS

0.001

Percentile

37.8%

JSON

Related for CVE-2002-2132