CVE-2002-1230

NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code as LocalSystem via "shatter" style attack by sending a WM_COPYDATA message followed by a WM_TIMER message, as demonstrated by GetAd, aka "Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation."
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000_terminal_services:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp3:*:*:*:*:*:*

History

20 Nov 2024, 23:40

Type Values Removed Values Added
References () http://getad.chat.ru/ - () http://getad.chat.ru/ -
References () http://www.ciac.org/ciac/bulletins/n-027.shtml - () http://www.ciac.org/ciac/bulletins/n-027.shtml -
References () http://www.iss.net/security_center/static/10343.php - Vendor Advisory () http://www.iss.net/security_center/static/10343.php - Vendor Advisory
References () http://www.packetstormsecurity.nl/filedesc/GetAd.c.html - Vendor Advisory () http://www.packetstormsecurity.nl/filedesc/GetAd.c.html - Vendor Advisory
References () http://www.securityfocus.com/bid/5927 - () http://www.securityfocus.com/bid/5927 -
References () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-071 - () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-071 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A681 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A681 -

Information

Published : 2002-11-04 05:00

Updated : 2024-11-20 23:40


NVD link : CVE-2002-1230

Mitre link : CVE-2002-1230

CVE.ORG link : CVE-2002-1230


JSON object : View

Products Affected

microsoft

  • windows_2000_terminal_services
  • windows_2000