Vulnerability Description
In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from from the trusted domain.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 2000 | All versions |
| Microsoft | Windows Nt | All versions |
References
- http://www.securityfocus.com/bid/3997
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-00
- https://exchange.xforce.ibmcloud.com/vulnerabilities/8023
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://www.securityfocus.com/bid/3997
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-00
- https://exchange.xforce.ibmcloud.com/vulnerabilities/8023
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2002-0018?
CVE-2002-0018 is a vulnerability with a CVSS score of 10.0 (HIGH). In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, ...
How severe is CVE-2002-0018?
CVE-2002-0018 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0018?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 2000, Microsoft Windows Nt.