Lucene search

[email protected]CVE-2002-2401

HistoryOct 03, 2022 - 4:23 p.m.

CVE-2002-2401

2022-10-0316:23:50

CWE-264

[email protected]

web.nvd.nist.gov

cve-2002-2401

ntvdm.exe

windows 2000

windows nt

windows xp

16-bit executable files

permissions bypass

3.6 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

7.4 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

31.1%

JSON

NT Virtual DOS Machine (NTVDM.EXE) in Windows 2000, NT and XP does not verify user execution permissions for 16-bit executable files, which allows local users to bypass the loader and execute arbitrary programs.

Affected configurations

NVD

Node

microsoftwindows_2000

microsoftwindows_2000sp1

microsoftwindows_2000sp2

microsoftwindows_2000sp3

microsoftwindows_ntMatch4.0

microsoftwindows_ntMatch4.0workstation

microsoftwindows_ntMatch4.0sp1enterprise

microsoftwindows_ntMatch4.0sp1server

microsoftwindows_ntMatch4.0sp1terminal_srv

microsoftwindows_ntMatch4.0sp1workstation

microsoftwindows_ntMatch4.0sp2enterprise

microsoftwindows_ntMatch4.0sp2server

microsoftwindows_ntMatch4.0sp2terminal_srv

microsoftwindows_ntMatch4.0sp2workstation

microsoftwindows_ntMatch4.0sp3enterprise

microsoftwindows_ntMatch4.0sp3server

microsoftwindows_ntMatch4.0sp3terminal_srv

microsoftwindows_ntMatch4.0sp3workstation

microsoftwindows_ntMatch4.0sp4enterprise

microsoftwindows_ntMatch4.0sp4server

microsoftwindows_ntMatch4.0sp4terminal_srv

microsoftwindows_ntMatch4.0sp4workstation

microsoftwindows_ntMatch4.0sp5enterprise

microsoftwindows_ntMatch4.0sp5server

microsoftwindows_ntMatch4.0sp5terminal_srv

microsoftwindows_ntMatch4.0sp5workstation

microsoftwindows_ntMatch4.0sp6enterprise

microsoftwindows_ntMatch4.0sp6server

microsoftwindows_ntMatch4.0sp6terminal_srv

microsoftwindows_ntMatch4.0sp6workstation

microsoftwindows_ntMatch4.0sp6aenterprise

microsoftwindows_ntMatch4.0sp6aserver

microsoftwindows_ntMatch4.0sp6aworkstation

microsoftwindows_xphome

microsoftwindows_xppro

microsoftwindows_xpsp1home

microsoftwindows_xpsp1pro

CPENameOperatorVersion
microsoft:windows_2000microsoft windows 2000eq*
microsoft:windows_ntmicrosoft windows nteq4.0
microsoft:windows_xpmicrosoft windows xpeq*

CPE	Name	Operator	Version
microsoft:windows_2000	microsoft windows 2000	eq	*
microsoft:windows_nt	microsoft windows nt	eq	4.0
microsoft:windows_xp	microsoft windows xp	eq	*

References

archives.neohapsis.com/archives/bugtraq/2002-09/0211.html

support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3B319458

www.abtrusion.com/msexe16.asp

www.iss.net/security_center/static/10132.php

www.securityfocus.com/bid/5740

3.6 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

7.4 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

31.1%

JSON

Related for CVE-2002-2401

cvelist1 nvd1