Vulnerability Description
NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code as LocalSystem via "shatter" style attack by sending a WM_COPYDATA message followed by a WM_TIMER message, as demonstrated by GetAd, aka "Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 2000 | All versions |
| Microsoft | Windows 2000 Terminal Services | All versions |
References
- http://getad.chat.ru/
- http://www.ciac.org/ciac/bulletins/n-027.shtml
- http://www.iss.net/security_center/static/10343.phpVendor Advisory
- http://www.packetstormsecurity.nl/filedesc/GetAd.c.htmlVendor Advisory
- http://www.securityfocus.com/bid/5927
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-07
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://getad.chat.ru/
- http://www.ciac.org/ciac/bulletins/n-027.shtml
- http://www.iss.net/security_center/static/10343.phpVendor Advisory
- http://www.packetstormsecurity.nl/filedesc/GetAd.c.htmlVendor Advisory
- http://www.securityfocus.com/bid/5927
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-07
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2002-1230?
CVE-2002-1230 is a vulnerability with a CVSS score of 4.6 (MEDIUM). NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code as LocalSystem via "shatter" style attack by sending a WM_COPYDAT...
How severe is CVE-2002-1230?
CVE-2002-1230 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-1230?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 2000, Microsoft Windows 2000 Terminal Services.