CVE-2002-0367

KEV

🔴 Łataj teraz

Błąd w subsystemie debugowania smss.exe w Windows NT i 2000 pozwala na eskalację uprawnień.

CVSS

7.8

EPSS

1.9%

Exploit

weaponized

Vendor

microsoft

Opis źródłowy (NVD)

smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.

exploit Brak patcha

Źródła i daty

Źródło	Wartość
NVD – CVSS	7.8
CISA KEV (aktywnie wykorzystywane)	Tak
FIRST EPSS (prawdopodobieństwo exploita)	1.9%
Opublikowano (NVD)	2002-06-25 04:00:00 UTC
Ostatnia modyfikacja (NVD)	2026-04-16 14:03:58 UTC

Referencje

http://marc.info/?l=ntbugtraq&m=101614320402695&w=2 (cve@mitre.org) [Mailing List]
http://www.iss.net/security_center/static/8462.php (cve@mitre.org) [Broken Link, Patch, Vendor Advisory]
http://www.securityfocus.com/archive/1/262074 (cve@mitre.org) [Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry, Vendor Advisory]
http://www.securityfocus.com/archive/1/264441 (cve@mitre.org) [Broken Link, Third Party Advisory, VDB Entry]
http://www.securityfocus.com/archive/1/264927 (cve@mitre.org) [Broken Link, Third Party Advisory, VDB Entry]
http://www.securityfocus.com/bid/4287 (cve@mitre.org) [Broken Link, Third Party Advisory, VDB Entry]
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-024 (cve@mitre.org) [Patch, Vendor Advisory]
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A158 (cve@mitre.org) [Broken Link]
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A76 (cve@mitre.org) [Broken Link]
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2002-0367 (134c704f-9b21-4f2e-91b3-4a467353bcc0) [US Government Resource]