Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0018

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2002-0018
Last Modified 10 Sep 2008 03:11:03
Published 08 Mar 2002 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0018

Summary

In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from from the trusted domain.

Vulnerable Systems

Operating System

  • Microsoft Windows 2000

  • Microsoft Windows Nt


References

MS - MS02-001

XF - win-sid-gain-privileges(8023)

BID - 3997


Last Updated: 27 May 2016 10:36:44