Vulnerability Description
NtCreateSymbolicLinkObject in ntdll.dll in Integrity Protection Driver (IPD) 1.2 and 1.3 allows local users to create and overwrite arbitrary files via a symlink attack on \winnt\system32\drivers using the subst command.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pedestal Software | Integrity Protection Driver | 1.2 |
References
- http://archives.neohapsis.com/archives/bugtraq/2003-01/0017.htmlPatchVendor Advisory
- http://archives.neohapsis.com/archives/bugtraq/2003-01/0018.htmlPatchVendor Advisory
- http://www.iss.net/security_center/static/10979.phpPatch
- http://www.securityfocus.com/bid/6511Patch
- http://archives.neohapsis.com/archives/bugtraq/2003-01/0017.htmlPatchVendor Advisory
- http://archives.neohapsis.com/archives/bugtraq/2003-01/0018.htmlPatchVendor Advisory
- http://www.iss.net/security_center/static/10979.phpPatch
- http://www.securityfocus.com/bid/6511Patch
FAQ
What is CVE-2003-1246?
CVE-2003-1246 is a vulnerability with a CVSS score of 2.1 (LOW). NtCreateSymbolicLinkObject in ntdll.dll in Integrity Protection Driver (IPD) 1.2 and 1.3 allows local users to create and overwrite arbitrary files via a symlink attack on \winnt\system32\drivers usin...
How severe is CVE-2003-1246?
CVE-2003-1246 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-1246?
Check the references section above for vendor advisories and patch information. Affected products include: Pedestal Software Integrity Protection Driver.