CVE-2002-0367
smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- May 08, 2002
- Published Date
- April 02, 2003
- Last Updated
- February 07, 2025
- Vendor
- n/a
- Product
- n/a
- Description
- smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.
CVSS Scores
SSVC Information
- Exploitation
- active
- Technical Impact
- total
Exploit Status
- Exploited in the Wild
- Yes (added 2022-03-03 00:00:00 UTC) Source
References
http://www.securityfocus.com/archive/1/264441
http://marc.info/?l=ntbugtraq&m=101614320402695&w=2
http://www.securityfocus.com/bid/4287
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-024
http://www.securityfocus.com/archive/1/264927
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A76
http://www.securityfocus.com/archive/1/262074
http://www.iss.net/security_center/static/8462.php
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A158
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2022-03-03 00:00:00 UTC |