| ID |
CVE-2002-0367
|
| Summary |
smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_2000:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:-:*:*:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_nt:4.0:-:*:*:terminal_server:*:*:*
cpe:2.3:o:microsoft:windows_nt:4.0:-:*:*:terminal_server:*:*:*
|
| CVSS |
| Base: | 7.2 (as of 16-07-2024 - 17:42) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-noinfo |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| LOCAL |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| COMPLETE |
COMPLETE |
COMPLETE |
|
| cvss-vector
via4
|
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
| oval
via4
|
| accepted | 2018-09-11T10:00:00.000-05:00 | | class | vulnerability | | contributors | | name | Tiffany Bergeron | | organization | The MITRE Corporation |
| name | Jonathan Baker | | organization | The MITRE Corporation |
| | definition_extensions | | comment | Microsoft Windows NT is installed | | oval | oval:org.mitre.oval:def:36 |
| | description | smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit. | | family | windows | | id | oval:org.mitre.oval:def:158 | | status | accepted | | submitted | 2003-04-04T12:00:00.000-04:00 | | title | Windows NT Process Handle Duplication Privilege Escalation | | version | 73 |
| accepted | 2011-05-16T04:03:26.169-04:00 | | class | vulnerability | | contributors | | name | Tiffany Bergeron | | organization | The MITRE Corporation |
| name | Shane Shaffer | | organization | G2, Inc. |
| name | Sudhir Gandhe | | organization | Telos |
| name | Shane Shaffer | | organization | G2, Inc. |
| | description | smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit. | | family | windows | | id | oval:org.mitre.oval:def:76 | | status | accepted | | submitted | 2003-04-04T12:00:00.000-04:00 | | title | Windows 2000 Process Handle Duplication Privilege Escalation | | version | 69 |
|
| refmap
via4
|
| bid | 4287 | | bugtraq | - 20020314 Fwd: DebPloit (exploit)
- 20020326 Re: DebPloit (exploit)
- 20020327 Local Security Vulnerability in Windows NT and Windows 2000
| | ntbugtraq | 20020314 DebPloit (exploit) | | xf | win-debug-duplicate-handles(8462) |
|
| Last major update |
16-07-2024 - 17:42 |
| Published |
25-06-2002 - 04:00 |
| Last modified |
16-07-2024 - 17:42 |
