CVE-2002-1230 Information

Description

NetDDE Agent on Windows NT 4.0 4.0 Terminal Server Edition Windows 2000 and Windows XP allows local users to execute arbitrary code as LocalSystem via \shatter\ style attack by sending a WM_COPYDATA message followed by a WM_TIMER message as demonstrated by GetAd aka \Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation.\

Reference

http://getad.chat.ru/ http://www.ciac.org/ciac/bulletins/n-027.shtml http://www.iss.net/security_center/static/10343.php http://www.packetstormsecurity.nl/filedesc/GetAd.c.html http://www.securityfocus.com/bid/5927 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-071 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A681