Описание
smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.
Ссылки
- Mailing List
- Broken LinkPatchVendor Advisory
- Broken LinkExploitPatchThird Party AdvisoryVDB EntryVendor Advisory
- Broken LinkThird Party AdvisoryVDB Entry
- Broken LinkThird Party AdvisoryVDB Entry
- Broken LinkThird Party AdvisoryVDB Entry
- PatchVendor Advisory
- Broken Link
- Broken Link
- Mailing List
- Broken LinkPatchVendor Advisory
- Broken LinkExploitPatchThird Party AdvisoryVDB EntryVendor Advisory
- Broken LinkThird Party AdvisoryVDB Entry
- Broken LinkThird Party AdvisoryVDB Entry
- Broken LinkThird Party AdvisoryVDB Entry
- PatchVendor Advisory
- Broken Link
- Broken Link
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:o:microsoft:windows_2000:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_nt:4.0:-:*:*:terminal_server:*:*:*
EPSS
Процентиль: 73%
0.00791
Низкий
7.8 High
CVSS3
7.2 High
CVSS2
Дефекты
NVD-CWE-noinfo
CWE-269
Связанные уязвимости
CVSS3: 7.8
github
почти 4 года назад
smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.
EPSS
Процентиль: 73%
0.00791
Низкий
7.8 High
CVSS3
7.2 High
CVSS2
Дефекты
NVD-CWE-noinfo
CWE-269