VYPR
High severity7.8CISA KEVNVD Advisory· Published Jun 25, 2002· Updated Jun 16, 2026

CVE-2002-0367

CVE-2002-0367

Description

smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

5
  • cpe:2.3:o:microsoft:windows_2000:-:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:microsoft:windows_2000:-:*:*:*:*:*:*:*
    • (no CPE)
  • cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_nt:4.0:-:*:*:terminal_server:*:*:*
    • (no CPE)

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.