← Volver a CVEs

CVE-2002-0367

HIGHCISA KEV

7.8

Descripcion

smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.

Detalles CVE

Puntuacion CVSS v3.17.8

SeveridadHIGH

Vector CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vector de ataqueLOCAL

ComplejidadLOW

Privilegios requeridosLOW

Interaccion usuarioNONE

Publicado6/25/2002

Ultima modificacion4/16/2026

Fuentekev

Avistamientos honeypot0

CISA KEV

VendedorMicrosoft

ProductoWindows

Nombre vulnerabilidadMicrosoft Windows Privilege Escalation Vulnerability

Fecha inclusion KEV2022-03-03

Fecha limite remediacion2022-03-24

Uso en ransomwareUnknown

Productos afectados

microsoft:windows_2000microsoft:windows_nt

Debilidades (CWE)

CWE-269CWE-269

Referencias

http://marc.info/?l=ntbugtraq&m=101614320402695&w=2(cve@mitre.org)

http://www.iss.net/security_center/static/8462.php(cve@mitre.org)

http://www.securityfocus.com/archive/1/262074(cve@mitre.org)

http://www.securityfocus.com/archive/1/264441(cve@mitre.org)

http://www.securityfocus.com/archive/1/264927(cve@mitre.org)

http://www.securityfocus.com/bid/4287(cve@mitre.org)

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-024(cve@mitre.org)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A158(cve@mitre.org)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A76(cve@mitre.org)

http://marc.info/?l=ntbugtraq&m=101614320402695&w=2(af854a3a-2127-422b-91ae-364da2661108)

http://www.iss.net/security_center/static/8462.php(af854a3a-2127-422b-91ae-364da2661108)

http://www.securityfocus.com/archive/1/262074(af854a3a-2127-422b-91ae-364da2661108)

http://www.securityfocus.com/archive/1/264441(af854a3a-2127-422b-91ae-364da2661108)

http://www.securityfocus.com/archive/1/264927(af854a3a-2127-422b-91ae-364da2661108)

http://www.securityfocus.com/bid/4287(af854a3a-2127-422b-91ae-364da2661108)

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-024(af854a3a-2127-422b-91ae-364da2661108)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A158(af854a3a-2127-422b-91ae-364da2661108)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A76(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2002-0367(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.