CVE-2002-0367

smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.

CVSS v3 7.8 HIGH
CVSS v2.0 7.2 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://marc.info/?l=ntbugtraq&m=101614320402695&w=2	Mailing List
http://www.iss.net/security_center/static/8462.php	Broken Link Patch Vendor Advisory
http://www.securityfocus.com/archive/1/262074	Broken Link Exploit Patch Third Party Advisory VDB Entry Vendor Advisory
http://www.securityfocus.com/archive/1/264441	Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/264927	Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/4287	Broken Link Third Party Advisory VDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-024	Patch Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A158	Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A76	Broken Link

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:microsoft:windows_2000:-:::::::*
	cpe:2.3:o:microsoft:windows_nt:4.0:::::::*
	cpe:2.3:o:microsoft:windows_nt:4.0:-:::terminal_server:::*

History

No history.

Information

Published : 2002-06-25 04:00

Updated : 2024-07-16 17:42

NVD link : CVE-2002-0367

Mitre link : CVE-2002-0367

CVE.ORG link : CVE-2002-0367

JSON object : View

Products Affected

microsoft

windows_2000
windows_nt

CWE

NVD-CWE-noinfo

{"id": "CVE-2002-0367", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2002-06-25T04:00:00.000", "references": [{"url": "http://marc.info/?l=ntbugtraq&m=101614320402695&w=2", "tags": ["Mailing List"], "source": "cve@mitre.org"}, {"url": "http://www.iss.net/security_center/static/8462.php", "tags": ["Broken Link", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/262074", "tags": ["Broken Link", "Exploit", "Patch", "Third Party Advisory", "VDB Entry", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/264441", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/264927", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/4287", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-024", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A158", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A76", "tags": ["Broken Link"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit."}], "lastModified": "2024-07-16T17:42:19.227", "cisaActionDue": "2022-03-24", "cisaExploitAdd": "2022-03-03", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_2000:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "685F1981-EA61-4A00-89F8-A748A88962F8"}, {"criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E53CDA8E-50A8-4509-B070-CCA5604FFB21"}, {"criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:-:*:*:terminal_server:*:*:*", "vulnerable": true, "matchCriteriaId": "E30F6C9C-3371-44FF-AD0B-3CAA0AB6F1B8"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Microsoft Windows Privilege Escalation Vulnerability"}