WM_TIMER Message Handler Privilege Elevation (Q328310)

A security issue has been identified in WMTIMER that could allow an attacker to compromise a computer running Microsoft Windows and gain complete control over it. SPDX-FileCopyrightText: 2002 Michael Scheidell Some text descriptions might be excerpted from a referenced sources, and are Copyright ...

CVE-2002-1230

CVE-2002-1230 affects Windows NT 4.0/Terminal Server Edition, Windows 2000, and Windows XP via NetDDE Agent exploiting a WM_TIMER handling flaw. An untrusted WM_TIMER sequence (after WM_COPYDATA) could trigger arbitrary code execution with LocalSystem privileges, as described in MS02-071. The vul...

CVE-2002-1230

NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code as LocalSystem via "shatter" style attack by sending a WMCOPYDATA message followed by a WMTIMER message, as demonstrated by GetAd, aka "Flaw in Windows WMTIMER...

CVE-2002-1230

NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code as LocalSystem via "shatter" style attack by sending a WMCOPYDATA message followed by a WMTIMER message, as demonstrated by GetAd, aka "Flaw in Windows WMTIMER...