High severity7.8CISA KEVNVD Advisory· Published Jun 25, 2002· Updated Apr 16, 2026

CVE-2002-0367

Description

smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.

Affected products

Microsoft/Windows 2000
cpe:2.3:o:microsoft:windows_2000:-:*:*:*:*:*:*:*
Microsoft/Windows Nt2 versions
cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_nt:4.0:-:*:*:terminal_server:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.iss.net/security_center/static/8462.phpnvdBroken LinkPatchVendor Advisory
docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-024nvdPatchVendor Advisory
www.securityfocus.com/archive/1/262074nvdBroken LinkExploitPatchThird Party AdvisoryVDB EntryVendor Advisory
www.securityfocus.com/archive/1/264441nvdBroken LinkThird Party AdvisoryVDB Entry
www.securityfocus.com/archive/1/264927nvdBroken LinkThird Party AdvisoryVDB Entry
www.securityfocus.com/bid/4287nvdBroken LinkThird Party AdvisoryVDB Entry
marc.infonvdMailing List
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A158nvdBroken Link
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A76nvdBroken Link
www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.001
exploit	0.030
kev	0.120
patch	0.000
ransomware	0.000