CVE-2002-0367
Published: 25 June 2002
Summary
CVE-2002-0367 is a high-severity Improper Privilege Management (CWE-269) vulnerability in Microsoft Windows NT. Its CVSS base score is 7.8 (High).
Operationally, it ranks in the top 20.3% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Deeper analysis
The vulnerability is an authentication flaw in the debugging subsystem of smss.exe on Windows NT and Windows 2000. The component fails to properly authenticate programs that connect to other processes, enabling unauthorized handle duplication to privileged targets. It is tracked as CWE-269 and carries a CVSS 3.1 score of 7.8, a rating that reflects the local-access requirement of the attack.
Local users can exploit the issue by duplicating a handle to a privileged process, thereby elevating their privileges to administrator or SYSTEM level. The flaw was publicly demonstrated by the DebPloit tool, allowing any authenticated local account to obtain full system control without additional user interaction.
References to the issue appear in NTBugtraq and SecurityFocus archives from 2002, though the supplied sources contain no explicit patch or mitigation details.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2002-0364
Vulnerability details
smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.
- CWE(s): CWE-269
- KEV Date Added: 03 March 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
- AC-3 (Access Enforcement): Directly enforces authentication and authorization decisions before allowing a process to obtain or duplicate handles to privileged targets, which the smss.exe debugging flaw omits.
- AC-6 (Least Privilege): Requires that every process and user operate with the minimal set of privileges needed, blocking the unauthorized escalation to SYSTEM via handle duplication.
- Process isolation: Mandates hardware- or OS-level isolation between processes so that one user process cannot arbitrarily duplicate handles belonging to a privileged process.