Vulnerability Description
The "System Restore" directory and subdirectories, and possibly other subdirectories in the "System Volume Information" directory on Windows XP Professional, have insecure access control list (ACL) permissions, which allows local users to access restricted files and modify registry settings.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows Xp | All versions |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/bugtraq/2002-10/0070.htmlExploit
- http://www.iss.net/security_center/static/10279.php
- http://www.securityfocus.com/bid/5894
- http://archives.neohapsis.com/archives/bugtraq/2002-10/0070.htmlExploit
- http://www.iss.net/security_center/static/10279.php
- http://www.securityfocus.com/bid/5894
FAQ
What is CVE-2002-2324?
CVE-2002-2324 is a vulnerability with a CVSS score of 7.2 (HIGH). The "System Restore" directory and subdirectories, and possibly other subdirectories in the "System Volume Information" directory on Windows XP Professional, have insecure access control list (ACL) pe...
How severe is CVE-2002-2324?
CVE-2002-2324 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-2324?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows Xp.