Vulnerability Description
The SMB signing capability in the Server Message Block (SMB) protocol in Microsoft Windows 2000 and Windows XP allows attackers to disable the digital signing settings in an SMB session to force the data to be sent unsigned, then inject data into the session without detection, e.g. by modifying group policy information sent from a domain controller.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 2000 | All versions |
| Microsoft | Windows 2000 Terminal Services | All versions |
| Microsoft | Windows Xp | All versions |
References
- http://www.securityfocus.com/bid/6367
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-07
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10843
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://www.securityfocus.com/bid/6367
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-07
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10843
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2002-1256?
CVE-2002-1256 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The SMB signing capability in the Server Message Block (SMB) protocol in Microsoft Windows 2000 and Windows XP allows attackers to disable the digital signing settings in an SMB session to force the d...
How severe is CVE-2002-1256?
CVE-2002-1256 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-1256?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 2000, Microsoft Windows 2000 Terminal Services, Microsoft Windows Xp.