Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1230

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2002-1230
Last Modified 10 Sep 2008 03:14:05
Published 04 Nov 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2002-1230

Summary

NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code as LocalSystem via "shatter" style attack by sending a WM_COPYDATA message followed by a WM_TIMER message, as demonstrated by GetAd, aka "Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation."

Vulnerable Systems

Operating System

  • Microsoft Windows 2000

  • Microsoft Windows 2000 Terminal Services


References

MS - MS02-071

MISC - http://www.packetstormsecurity.nl/filedesc/GetAd.c.html

XF - win-netdde-gain-privileges(10343)

MISC - http://getad.chat.ru/

BID - 5927

CIAC - N-027


Last Updated: 27 May 2016 10:37:15