Cyber Resilience

CVE-2002-0367

High · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC · LPE

Published: 25 June 2002

Modified: 16 April 2026
KEV Added: 03 March 2022
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0125 (79.7th percentile)
Risk Priority: 36 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2002-0367 is a high-severity Improper Privilege Management (CWE-269) vulnerability in Microsoft Windows NT. Its CVSS base score is 7.8 (High).

Operationally, it ranks in the top 20.3% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

The vulnerability is an authentication flaw in the debugging subsystem of smss.exe on Windows NT and Windows 2000. The component fails to properly validate programs that connect to other processes, enabling unauthorized handle duplication to privileged targets. This is tracked as CWE-269 and carries a CVSS 3.1 score of 7.8 reflecting local attack requirements.

Local users can exploit the issue by duplicating a handle to a privileged process, thereby elevating their privileges to administrator or SYSTEM level. The flaw was publicly demonstrated by the DebPloit tool: any authenticated local account can obtain full system control without additional user interaction.

References to the issue appear in NTBugtraq and SecurityFocus archives from 2002, though the supplied sources contain no explicit patch or mitigation details.

Vulnerability details

smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.

CWE(s): CWE-269
KEV Date Added: 03 March 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft, windows 2000, all versions
microsoft, windows nt, 4.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent: Directly enforces authentication and authorization decisions before allowing a process to obtain or duplicate handles to privileged targets, which the smss.exe debugging flaw omits.

prevent: Requires that every process and user operate with the minimal set of privileges needed, blocking the unauthorized escalation to SYSTEM via handle duplication.

prevent: Mandates hardware- or OS-level isolation between processes so that one user process cannot arbitrarily duplicate handles belonging to a privileged process.
