CVE-2002-0367

CVE Database · CVE-2002-0367

CVE-2002-0367

· HIGHAnalyzed

CVSS v3.1

7.8

EPSS

4.88%

Published

Jun 25, 2002

Modified

Apr 16, 2026

CISA Known Exploited Vulnerability

Added: 2022-03-03 · Due: 2022-03-24

Apply updates per vendor instructions.

Public PoC / Exploit (2)

All weaponized →

Exploit-DBMicrosoft Windows NT 4.0/2000 - Process Handle Local Privilege Escalation TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-269CWE-269

Affected Products (3)

microsoft · windows_2000vulnerable

microsoft · windows_ntvulnerable

References (19)

http://marc.info/?l=ntbugtraq&m=101614320402695&w=2

Mailing List

http://www.iss.net/security_center/static/8462.php

Broken LinkPatchVendor Advisory