Vulnerability Description
NT Virtual DOS Machine (NTVDM.EXE) in Windows 2000, NT and XP does not verify user execution permissions for 16-bit executable files, which allows local users to bypass the loader and execute arbitrary programs.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 2000 | All versions |
| Microsoft | Windows Nt | 4.0 |
| Microsoft | Windows Xp | All versions |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/bugtraq/2002-09/0211.html
- http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3B319458
- http://www.abtrusion.com/msexe16.asp
- http://www.iss.net/security_center/static/10132.php
- http://www.securityfocus.com/bid/5740
- http://archives.neohapsis.com/archives/bugtraq/2002-09/0211.html
- http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3B319458
- http://www.abtrusion.com/msexe16.asp
- http://www.iss.net/security_center/static/10132.php
- http://www.securityfocus.com/bid/5740
FAQ
What is CVE-2002-2401?
CVE-2002-2401 is a vulnerability with a CVSS score of 3.6 (LOW). NT Virtual DOS Machine (NTVDM.EXE) in Windows 2000, NT and XP does not verify user execution permissions for 16-bit executable files, which allows local users to bypass the loader and execute arbitrar...
How severe is CVE-2002-2401?
CVE-2002-2401 has been rated LOW with a CVSS base score of 3.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-2401?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 2000, Microsoft Windows Nt, Microsoft Windows Xp.