Executive Summary
| Summary | |
|---|---|
| Title | Vulnerability in LSASS Could Allow Local Elevation of Privilege (943485) |
| Informations | |||
|---|---|---|---|
| Name | MS08-002 | First vendor Publication | 2008-01-08 |
| Vendor | Microsoft | Last vendor Modification | 2008-01-08 |
| Severity (Vendor) | Important | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 7.2 | Attack Range | Local |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 3.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| This important update resolves a privately reported vulnerability in Microsoft Windows Local Security Authority Subsystem Service (LSASS). The vulnerability could allow an attacker to run arbitrary code with elevated privileges. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. |
Original Source
| Url : http://www.microsoft.com/technet/security/bulletin/ms08-002.mspx |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:5408 | |||
| Oval ID: | oval:org.mitre.oval:def:5408 | ||
| Title: | LSASS Bypass Vulnerability | ||
| Description: | Unspecified vulnerability in Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows local users to gain privileges via a crafted local procedure call (LPC) request. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2007-5352 | Version: | 4 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Os | 1 | |
| Os | 2 | |
| Os | 1 |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 40071 | Microsoft Windows LSASS Crafted LPC Request Local Privilege Escalation Windows contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered due to an error in Local Security Authority Subsystem Service (LSASS). This flaw may lead to a loss of integrity. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2008-01-08 | Name : Local users can elevate their privileges on the remote host. File : smb_nt_ms08-002.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:45:51 |
|
| 2013-05-11 12:22:05 |
|
