Vulnerabilities > CVE-2002-1230 - Unspecified vulnerability in Microsoft Windows 2000 and Windows 2000 Terminal Services

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

microsoft

nessus

exploit available

NVD

Published: 2002-11-04

Updated: 2019-04-30

Summary

NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code as LocalSystem via "shatter" style attack by sending a WM_COPYDATA message followed by a WM_TIMER message, as demonstrated by GetAd, aka "Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation."

Vulnerable Configurations

Part	Description	Count
OS	Microsoft Microsoft Windows 2000 Terminal Services * Microsoft Windows 2000 *	8

Exploit-Db

description	MS Windows 2000/NT 4/XP Window Message Subsystem Design Error Vulnerability (1). CVE-2002-1230. Local exploit for windows platform
id	EDB-ID:21684
last seen	2016-02-02
modified	2002-08-06
published	2002-08-06
reporter	sectroyer
source	https://www.exploit-db.com/download/21684/
title	Microsoft Windows 2000/NT 4/XP - Window Message Subsystem Design Error Vulnerability 1

description	MS Windows XP/2000/NT 4 NetDDE Privilege Escalation Vulnerability (2). CVE-2002-1230. Local exploit for windows platform
id	EDB-ID:21923
last seen	2016-02-02
modified	2002-10-09
published	2002-10-09
reporter	Serus
source	https://www.exploit-db.com/download/21923/
title	Microsoft Windows 2000/XP/NT 4 - NetDDE Privilege Escalation Vulnerability 2

description	MS Windows 2000/NT 4/XP Window Message Subsystem Design Error Vulnerability (5). CVE-2002-1230. Local exploit for windows platform
id	EDB-ID:21688
last seen	2016-02-02
modified	2002-08-06
published	2002-08-06
reporter	Oliver Lavery
source	https://www.exploit-db.com/download/21688/
title	Microsoft Windows 2000/NT 4/XP - Window Message Subsystem Design Error Vulnerability 5

description	MS Windows 2000/NT 4/XP Window Message Subsystem Design Error Vulnerability (3). CVE-2002-1230. Local exploit for windows platform
id	EDB-ID:21686
last seen	2016-02-02
modified	2002-08-06
published	2002-08-06
reporter	Brett Moore
source	https://www.exploit-db.com/download/21686/
title	Microsoft Windows 2000/NT 4/XP - Window Message Subsystem Design Error Vulnerability 3

description	MS Windows 2000/NT 4/XP Window Message Subsystem Design Error Vulnerability (7). CVE-2002-1230. Local exploit for windows platform
id	EDB-ID:21690
last seen	2016-02-02
modified	2002-08-06
published	2002-08-06
reporter	Ovidio Mallo
source	https://www.exploit-db.com/download/21690/
title	Microsoft Windows 2000/NT 4/XP - Window Message Subsystem Design Error Vulnerability 7

description	MS Windows 2000/NT 4/XP Window Message Subsystem Design Error Vulnerability (2). CVE-2002-1230. Local exploit for windows platform
id	EDB-ID:21685
last seen	2016-02-02
modified	2002-08-06
published	2002-08-06
reporter	Oliver Lavery
source	https://www.exploit-db.com/download/21685/
title	Microsoft Windows 2000/NT 4/XP - Window Message Subsystem Design Error Vulnerability 2

description	MS Windows 2000/NT 4/XP Window Message Subsystem Design Error Vulnerability (8). CVE-2002-1230. Local exploit for windows platform
id	EDB-ID:21691
last seen	2016-02-02
modified	2002-08-06
published	2002-08-06
reporter	anonymous
source	https://www.exploit-db.com/download/21691/
title	Microsoft Windows 2000/NT 4/XP - Window Message Subsystem Design Error Vulnerability 8

description	MS Windows 2000/NT 4/XP Window Message Subsystem Design Error Vulnerability (4). CVE-2002-1230. Local exploit for windows platform
id	EDB-ID:21687
last seen	2016-02-02
modified	2002-08-06
published	2002-08-06
reporter	Brett Moore
source	https://www.exploit-db.com/download/21687/
title	Microsoft Windows 2000/NT 4/XP - Window Message Subsystem Design Error Vulnerability 4

description	MS Windows XP/2000/NT 4 NetDDE Privilege Escalation Vulnerability (1). CVE-2002-1230. Local exploit for windows platform
id	EDB-ID:21922
last seen	2016-02-02
modified	2002-10-09
published	2002-10-09
reporter	Serus
source	https://www.exploit-db.com/download/21922/
title	Microsoft Windows 2000/XP/NT 4 - NetDDE Privilege Escalation Vulnerability 1

description	MS Windows 2000/NT 4/XP Window Message Subsystem Design Error Vulnerability (6). CVE-2002-1230. Local exploit for windows platform
id	EDB-ID:21689
last seen	2016-02-02
modified	2002-08-06
published	2002-08-06
reporter	Brett Moore
source	https://www.exploit-db.com/download/21689/
title	Microsoft Windows 2000/NT 4/XP - Window Message Subsystem Design Error Vulnerability 6

Nessus

NASL family	Windows : Microsoft Bulletins
NASL id	SMB_NT_MS02-071.NASL
description	The remote version of Windows contains a flaw in the handling of WM_TIMER messages for interactive processes that could allow a local user to execute arbitrary code on the remote host with the SYSTEM privileges.
last seen	2020-06-01
modified	2020-06-02
plugin id	11191
published	2002-12-12
reporter	This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/11191
title	MS02-071: WM_TIMER Message Handler Privilege Elevation (328310)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(11191); script_version("1.42"); script_cvs_date("Date: 2018/11/15 20:50:29"); script_cve_id("CVE-2002-1230"); script_bugtraq_id(5927); script_xref(name:"MSFT", value:"MS02-071"); script_xref(name:"MSKB", value:"328310"); script_name(english:"MS02-071: WM_TIMER Message Handler Privilege Elevation (328310)"); script_summary(english:"Checks Registry for WM_TIMER Privilege Elevation Hotfix (328310)"); script_set_attribute(attribute:"synopsis", value:"Local users can elevate their privileges on the remote host."); script_set_attribute(attribute:"description", value: "The remote version of Windows contains a flaw in the handling of WM_TIMER messages for interactive processes that could allow a local user to execute arbitrary code on the remote host with the SYSTEM privileges."); script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2002/ms02-071"); script_set_attribute(attribute:"solution", value:"Microsoft has released a set of patches for Windows NT, XP and 2000."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2002/10/06"); script_set_attribute(attribute:"patch_publication_date", value:"2002/12/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2002/12/12"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc."); script_family(english:"Windows : Microsoft Bulletins"); script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl"); script_require_keys("SMB/MS_Bulletin_Checks/Possible"); script_require_ports(139, 445, 'Host/patch_management_checks'); exit(0); } include("audit.inc"); include("smb_func.inc"); include("smb_hotfixes.inc"); include("smb_hotfixes_fcheck.inc"); include("misc_func.inc"); get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible"); bulletin = 'MS02-071'; kb = '328310'; kbs = make_list(kb); if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE); get_kb_item_or_exit("SMB/Registry/Enumerated"); get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1); if (hotfix_check_sp_range(nt:'6', win2k:'2,3', xp:'0,1') <= 0) audit(AUDIT_OS_SP_NOT_VULN); rootfile = hotfix_get_systemroot(); if (!rootfile) exit(1, "Failed to get the system root."); share = hotfix_path2share(path:rootfile); if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share); if ( hotfix_is_vulnerable(os:"5.1", sp:1, file:"User32.dll", version:"5.1.2600.1134", dir:"\system32", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"5.1", sp:0, file:"User32.dll", version:"5.1.2600.104", dir:"\system32", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"5.0", file:"User32.dll", version:"5.0.2195.6097", dir:"\system32", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"4.0", file:"User32.dll", version:"4.0.1381.7202", dir:"\system32", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"4.0", file:"User32.dll", version:"4.0.1381.33544", min_version:"4.0.1381.33000", dir:"\system32", bulletin:bulletin, kb:kb) ) { set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE); hotfix_security_hole(); hotfix_check_fversion_end(); exit(0); } else { hotfix_check_fversion_end(); audit(AUDIT_HOST_NOT, 'affected'); }

Oval

accepted

2008-03-24T04:00:50.022-04:00

class

vulnerability

contributors

name Ingrid Skoog
organization The MITRE Corporation
name Jeff Cheng
organization Opsware, Inc.
name Jonathan Baker
organization The MITRE Corporation
name Jonathan Baker
organization The MITRE Corporation

definition_extensions

comment	Microsoft Windows NT is installed
oval	oval:org.mitre.oval:def:36

description

family

windows

oval:org.mitre.oval:def:681

status

accepted

submitted

2004-08-24T12:00:00.000-04:00

title

Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation

version

Summary

Vulnerable Configurations

Exploit-Db

Nessus

Oval

References