4.6 - MS02-071

Executive Summary

Informations
Name	MS02-071	First vendor Publication	N/A
Vendor	Microsoft	Last vendor Modification	N/A
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score	4.6	Attack Range	Local
Cvss Impact Score	6.4	Attack Complexity	Low
Cvss Expoit Score	3.9	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation (328310)

CWE : Common Weakness Enumeration

%	Id	Name

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:681

Oval ID:	oval:org.mitre.oval:def:681
Title:	Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation
Description:	NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code as LocalSystem via "shatter" style attack by sending a WM_COPYDATA message followed by a WM_TIMER message, as demonstrated by GetAd, aka "Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2002-1230	Version:	3
Platform(s):	Microsoft Windows NT	Product(s):	NetDDE Agent
Definition Synopsis:
Microsoft Windows NT is installed AND NOT this is an NT Terminal Server AND the version of user32.dll is less than 4.0.1381.7177 AND the version of gdi32.dll is less than 4.0.1381.7177 AND the version of winsrv.dll is less than 4.0.1381.7202 AND the version of win32k.sys is less than 4.0.1381.7207 AND NOT Patch Q328310 Installed

CPE : Common Platform Enumeration

Type	Description	Count
Os	Microsoft Windows 2000 cpe:2.3:o:microsoft:windows_2000:::::::: cpe:2.3:o:microsoft:windows_2000::sp3::::::* cpe:2.3:o:microsoft:windows_2000::sp2::::::* cpe:2.3:o:microsoft:windows_2000::sp1::::::*	4
Os	Microsoft Windows 2000 Terminal Services cpe:2.3:o:microsoft:windows_2000_terminal_services::sp1::::::* cpe:2.3:o:microsoft:windows_2000_terminal_services::sp2::::::* cpe:2.3:o:microsoft:windows_2000_terminal_services:::::::: cpe:2.3:o:microsoft:windows_2000_terminal_services::sp3::::::*	4

OpenVAS Exploits

Date	Description
2009-03-15	Name : MS04-011 security check File : nvt/remote-MS04-011.nasl
2005-11-03	Name : WM_TIMER Message Handler Privilege Elevation (Q328310) File : nvt/smb_nt_ms02-071.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
13416	Microsoft Windows NetDDE Agent WM_COPYDATA Message Arbitrary Code Execution (... The Microsoft Windows NetDDE Agent in Windows 2000, NT, and XP contains a vulnerability that could allow a local attacker to elevate their privileges. An attacker could exploit this by sending specially crafted input to the NetDDE Agent via a WM_COPYDATA message, and then sending specially crafted input via WM_TIMER message, causing the request to be executed under higher privileges.

Description

13416

Microsoft Windows NetDDE Agent WM_COPYDATA Message Arbitrary Code Execution (...

The Microsoft Windows NetDDE Agent in Windows 2000, NT, and XP contains a vulnerability that could allow a local attacker to elevate their privileges. An attacker could exploit this by sending specially crafted input to the NetDDE Agent via a WM_COPYDATA message, and then sending specially crafted input via WM_TIMER message, causing the request to be executed under higher privileges.

Nessus® Vulnerability Scanner

Date	Description
2002-12-12	Name : Local users can elevate their privileges on the remote host. File : smb_nt_ms02-071.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:44:48	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	1
CPE ID(s)	8
osvdb(s)	1
Openvas Exploit(s)	2
Nessus® Exploit(s)	1

	Related
10	MS04-032
4.6	CVE-2002-1230
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 2 more Alert(s)

4.6 - MS02-071

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU