Vulnerability Details CVE-2002-0367
smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.012
EPSS Ranking 77.7%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 7.2
Proposed Action
smss.exe debugging subsystem in Microsoft Windows does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges.
Ransomware Campaign
Unknown
References
- http://marc.info/?l=ntbugtraq&m=101614320402695&w=2
- http://www.iss.net/security_center/static/8462.php
- http://www.securityfocus.com/archive/1/262074
- http://www.securityfocus.com/archive/1/264441
- http://www.securityfocus.com/archive/1/264927
- http://www.securityfocus.com/bid/4287
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-024
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A158
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A76
- http://marc.info/?l=ntbugtraq&m=101614320402695&w=2
- http://www.iss.net/security_center/static/8462.php
- http://www.securityfocus.com/archive/1/262074
- http://www.securityfocus.com/archive/1/264441
- http://www.securityfocus.com/archive/1/264927
- http://www.securityfocus.com/bid/4287
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-024
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A158
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A76
Products affected by CVE-2002-0367
-
cpe:2.3:o:microsoft:windows_2000:-
-
cpe:2.3:o:microsoft:windows_nt:4.0