Lucene search

[email protected]CVE-2003-1246

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2003-1246

2022-10-0316:15:41

[email protected]

web.nvd.nist.gov

cve

ntcreatesymboliclinkobject

ntdll.dll

integrity protection driver

ipd 1.2

ipd 1.3

symlink attack

winnt

system32

subst command

nvd

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

NtCreateSymbolicLinkObject in ntdll.dll in Integrity Protection Driver (IPD) 1.2 and 1.3 allows local users to create and overwrite arbitrary files via a symlink attack on \winnt\system32\drivers using the subst command.

Affected configurations

NVD

Node

pedestal_softwareintegrity_protection_driverMatch1.2

pedestal_softwareintegrity_protection_driverMatch1.3

CPENameOperatorVersion
pedestal_software:integrity_protection_driverpedestal software integrity protection drivereq1.2
pedestal_software:integrity_protection_driverpedestal software integrity protection drivereq1.3

CPE	Name	Operator	Version
pedestal_software:integrity_protection_driver	pedestal software integrity protection driver	eq	1.2
pedestal_software:integrity_protection_driver	pedestal software integrity protection driver	eq	1.3

References

archives.neohapsis.com/archives/bugtraq/2003-01/0017.html

archives.neohapsis.com/archives/bugtraq/2003-01/0018.html

www.iss.net/security_center/static/10979.php

www.securityfocus.com/bid/6511

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2003-1246

nvd1 cvelist1