Vulnerabilities > CVE-2000-0197 - Unspecified vulnerability in Microsoft Windows NT 4.0

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

microsoft

NVD

Published: 2000-02-14

Updated: 2008-09-10

Summary

The Windows NT scheduler uses the drive mapping of the interactive user who is currently logged onto the system, which allows the local user to gain privileges by providing a Trojan horse batch file in place of the original batch file.

Vulnerable Configurations

Part	Description	Count
OS	Microsoft Microsoft Windows NT 4.0	1

References

http://archives.neohapsis.com/archives/ntbugtraq/current/0202.html
http://www.securityfocus.com/bid/1050