CVE-2002-0367 Information
Description
smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process as demonstrated by DebPloit.
Reference
http://marc.info/?l=ntbugtraq&m=101614320402695&w=2 http://www.iss.net/security_center/static/8462.php http://www.securityfocus.com/archive/1/262074 http://www.securityfocus.com/archive/1/264441 http://www.securityfocus.com/archive/1/264927 http://www.securityfocus.com/bid/4287 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-024 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A158 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A76
Share on: