← Voltar para CVEs

CVE-2002-0367

HIGHCISA KEV

7.8

Descricao

smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.

Detalhes CVE

Pontuacao CVSS v3.17.8

SeveridadeHIGH

Vetor CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vetor de ataqueLOCAL

ComplexidadeLOW

Privilegios necessariosLOW

Interacao do usuarioNONE

Publicado6/25/2002

Ultima modificacao4/16/2026

Fontekev

Avistamentos honeypot0

CISA KEV

FornecedorMicrosoft

ProdutoWindows

Nome da vulnerabilidadeMicrosoft Windows Privilege Escalation Vulnerability

Data inclusao KEV2022-03-03

Prazo de remediacao2022-03-24

Uso em ransomwareUnknown

Produtos afetados

microsoft:windows_2000microsoft:windows_nt

Fraquezas (CWE)

CWE-269CWE-269

Referencias

http://marc.info/?l=ntbugtraq&m=101614320402695&w=2(cve@mitre.org)

http://www.iss.net/security_center/static/8462.php(cve@mitre.org)

http://www.securityfocus.com/archive/1/262074(cve@mitre.org)

http://www.securityfocus.com/archive/1/264441(cve@mitre.org)

http://www.securityfocus.com/archive/1/264927(cve@mitre.org)

http://www.securityfocus.com/bid/4287(cve@mitre.org)

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-024(cve@mitre.org)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A158(cve@mitre.org)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A76(cve@mitre.org)

http://marc.info/?l=ntbugtraq&m=101614320402695&w=2(af854a3a-2127-422b-91ae-364da2661108)

http://www.iss.net/security_center/static/8462.php(af854a3a-2127-422b-91ae-364da2661108)

http://www.securityfocus.com/archive/1/262074(af854a3a-2127-422b-91ae-364da2661108)

http://www.securityfocus.com/archive/1/264441(af854a3a-2127-422b-91ae-364da2661108)

http://www.securityfocus.com/archive/1/264927(af854a3a-2127-422b-91ae-364da2661108)

http://www.securityfocus.com/bid/4287(af854a3a-2127-422b-91ae-364da2661108)

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-024(af854a3a-2127-422b-91ae-364da2661108)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A158(af854a3a-2127-422b-91ae-364da2661108)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A76(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2002-0367(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.