4.6

CVE-2002-1230

EPSS 1.4%
Published 04.11.2002 05:00:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code as LocalSystem via "shatter" style attack by sending a WM_COPYDATA message followed by a WM_TIMER message, as demonstrated by GetAd, aka "Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation."

Affected products Warnungen 0 Metrics 2 CWE 0 References 10

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Windows 2000

Microsoft ≫ Windows 2000 Updatesp1

Microsoft ≫ Windows 2000 Updatesp2

Microsoft ≫ Windows 2000 Updatesp3

Microsoft ≫ Windows 2000 Terminal Services

Microsoft ≫ Windows 2000 Terminal Services Updatesp1

Microsoft ≫ Windows 2000 Terminal Services Updatesp2

Microsoft ≫ Windows 2000 Terminal Services Updatesp3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.4%	0.798

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P

http://getad.chat.ru/

http://www.ciac.org/ciac/bulletins/n-027.shtml

http://www.iss.net/security_center/static/10343.php

Vendor Advisory

http://www.packetstormsecurity.nl/filedesc/GetAd.c.html

Vendor Advisory

http://www.securityfocus.com/bid/5927

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-071

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A681

https://nvd.nist.gov/vuln/detail/CVE-2002-1230

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2002-1230

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2002-1230

EUVD