CVE-2002-1184

The system root folder of Microsoft Windows 2000 has default permissions of Everyone group with Full access (Everyone:F) and is in the search path when locating programs during login or application launch from the desktop, which could allow attackers to gain privileges as other users via Trojan horse programs.

CVSS v2.0 4.6 MEDIUM

4.6^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/5415
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-064
https://exchange.xforce.ibmcloud.com/vulnerabilities/9779

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:microsoft:windows_2000::::::::
	cpe:2.3:o:microsoft:windows_2000::sp1::::::*
	cpe:2.3:o:microsoft:windows_2000::sp2::::::*
	cpe:2.3:o:microsoft:windows_2000::sp3::::::*
	cpe:2.3:o:microsoft:windows_nt:4.0::enterprise_server:::::
	cpe:2.3:o:microsoft:windows_nt:4.0::server:::::
	cpe:2.3:o:microsoft:windows_nt:4.0::workstation:::::
	cpe:2.3:o:microsoft:windows_nt:4.0:sp1:enterprise_server:::::*
	cpe:2.3:o:microsoft:windows_nt:4.0:sp1:server:::::*
	cpe:2.3:o:microsoft:windows_nt:4.0:sp1:workstation:::::*
	cpe:2.3:o:microsoft:windows_nt:4.0:sp2:enterprise_server:::::*
	cpe:2.3:o:microsoft:windows_nt:4.0:sp2:server:::::*
	cpe:2.3:o:microsoft:windows_nt:4.0:sp2:workstation:::::*
	cpe:2.3:o:microsoft:windows_nt:4.0:sp3:enterprise_server:::::*
	cpe:2.3:o:microsoft:windows_nt:4.0:sp3:server:::::*
	cpe:2.3:o:microsoft:windows_nt:4.0:sp3:workstation:::::*
	cpe:2.3:o:microsoft:windows_nt:4.0:sp4:enterprise_server:::::*
	cpe:2.3:o:microsoft:windows_nt:4.0:sp4:server:::::*
	cpe:2.3:o:microsoft:windows_nt:4.0:sp4:workstation:::::*
	cpe:2.3:o:microsoft:windows_nt:4.0:sp5:enterprise_server:::::*
	cpe:2.3:o:microsoft:windows_nt:4.0:sp5:server:::::*
	cpe:2.3:o:microsoft:windows_nt:4.0:sp5:workstation:::::*
	cpe:2.3:o:microsoft:windows_nt:4.0:sp6:enterprise_server:::::*
	cpe:2.3:o:microsoft:windows_nt:4.0:sp6:server:::::*
	cpe:2.3:o:microsoft:windows_nt:4.0:sp6:workstation:::::*
	cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:enterprise_server:::::*
	cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:::::*
	cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:workstation:::::*

History

No history.

Information

Published : 2002-11-12 05:00

Updated : 2024-02-04 16:31

NVD link : CVE-2002-1184

Mitre link : CVE-2002-1184

CVE.ORG link : CVE-2002-1184

JSON object : View

Products Affected

microsoft

windows_nt
windows_2000

CWE

NVD-CWE-Other

4.6 /10