CVE-2002-0367
CVE-2002-0367
In short
A flaw in Windows NT and Windows 2000's debugging system fails to properly verify which programs can connect to each other, allowing a local user to steal control of a privileged process and gain administrator or SYSTEM-level access.
Technical detail
The Session Manager subsystem (smss.exe) in Windows NT/2000 lacks proper authentication for inter-process connections, enabling local attackers to duplicate handles to privileged processes and escalate privileges to SYSTEM or administrator level. Attack requires local system access and exploits insufficient authorization checks in the debug subsystem's handle duplication mechanism.
Summary generated and translated by AI from the official description.
smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/21344unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://marc.info/?l=ntbugtraq&m=101614320402695&w=2https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-024https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A158https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A76https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2002-0367http://www.iss.net/security_center/static/8462.phphttp://www.securityfocus.com/archive/1/262074http://www.securityfocus.com/archive/1/264441http://www.securityfocus.com/archive/1/264927http://www.securityfocus.com/bid/4287