TROYANOSYVIRUS
Retour aux CVEs

CVE-2002-0367

HIGHCISA KEV
7.8

Description

smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.

Details CVE

Score CVSS v3.17.8
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueLOCAL
ComplexiteLOW
Privileges requisLOW
Interaction utilisateurNONE
Publie6/25/2002
Derniere modification4/16/2026
Sourcekev
Observations honeypot0

CISA KEV

FournisseurMicrosoft
ProduitWindows
Nom vulnerabiliteMicrosoft Windows Privilege Escalation Vulnerability
Date ajout KEV2022-03-03
Date limite remediation2022-03-24
Utilise dans ransomwareUnknown

Produits affectes

microsoft:windows_2000microsoft:windows_nt

Faiblesses (CWE)

CWE-269CWE-269

References

http://marc.info/?l=ntbugtraq&m=101614320402695&w=2(cve@mitre.org)
http://www.iss.net/security_center/static/8462.php(cve@mitre.org)
http://www.securityfocus.com/archive/1/262074(cve@mitre.org)
http://www.securityfocus.com/archive/1/264441(cve@mitre.org)
http://www.securityfocus.com/archive/1/264927(cve@mitre.org)
http://www.securityfocus.com/bid/4287(cve@mitre.org)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-024(cve@mitre.org)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A158(cve@mitre.org)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A76(cve@mitre.org)
http://marc.info/?l=ntbugtraq&m=101614320402695&w=2(af854a3a-2127-422b-91ae-364da2661108)
http://www.iss.net/security_center/static/8462.php(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/262074(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/264441(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/264927(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/4287(af854a3a-2127-422b-91ae-364da2661108)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-024(af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A158(af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A76(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2002-0367(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.