CVE-2002-0367
smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- May 08, 2002
- Published Date
- April 02, 2003
- Last Updated
- February 07, 2025
- Vendor
- Microsoft
- Product
- Windows
- Description
- smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.
- Tags
- Exploitation
- active
- Technical Impact
- total
- Exploited in the Wild
- Yes (2022-03-03 00:00:00 UTC) Source
windows
cisa
CVSS Scores
CVSS v3.1
7.8 - HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v2.0
7.2
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
SSVC Information
Exploit Status
References
http://www.securityfocus.com/archive/1/264441
http://marc.info/?l=ntbugtraq&m=101614320402695&w=2
http://www.securityfocus.com/bid/4287
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-024
http://www.securityfocus.com/archive/1/264927
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A76
http://www.securityfocus.com/archive/1/262074
http://www.iss.net/security_center/static/8462.php
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A158
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2022-03-03 00:00:00 UTC |
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Added to KEVIntel