Session Hijacking Vulnerability in Microsoft NetMeeting
CVE-2002-1150

Currently unrated

Key Information:

Vendor: Microsoft
Status: Netmeeting
Vendor: CVE Published:; 11 October 2002

Summary

Microsoft NetMeeting versions 3.01 through SP2 (4.4.3396) contain a vulnerability in the Remote Desktop Sharing (RDS) feature that permits attackers with physical access to commandeer remote sessions. By executing specific logoff or shutdown sequences, such as CTRL-ALT-DEL, attackers can bypass confirmation prompts, thereby interrupting user interactions—potentially leading to unauthorized access and data loss during remote activities.

References

http://www.securityfocus.com/bid/5715

vdb-entryx_refsource_BID

http://www.iss.net/security_center/static/10119.php

vdb-entryx_refsource_XF

http://marc.info/?l=bugtraq&m=103228375116204&w=2

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Oct 11, 2002
Vulnerability Reserved
Sep 24, 2002