Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0367

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2002-0367
Last Modified 05 Sep 2008 04:27:50
Published 25 Jun 2002 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2002-0367

Summary

smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.

Vulnerable Systems

Operating System

  • Microsoft Windows 2000

  • Microsoft Windows Nt 4.0


References

BUGTRAQ - 20020314 Fwd: DebPloit (exploit)

XF - win-debug-duplicate-handles(8462)

BID - 4287

BUGTRAQ - 20020327 Local Security Vulnerability in Windows NT and Windows 2000

BUGTRAQ - 20020326 Re: DebPloit (exploit)

MS - MS02-024

NTBUGTRAQ - 20020314 DebPloit (exploit)


Last Updated: 27 May 2016 10:36:53