CVE-2002-1230

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows 2000 Terminal Services; Windows 2000
Vendor: CVE Published:; 4 November 2002

Summary

NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code as LocalSystem via "shatter" style attack by sending a WM_COPYDATA message followed by a WM_TIMER message, as demonstrated by GetAd, aka "Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation."

References

http://www.ciac.org/ciac/bulletins/n-027.shtml

third-party-advisorygovernment-resourcex_refsource_CIAC

http://www.securityfocus.com/bid/5927

vdb-entryx_refsource_BID

http://www.packetstormsecurity.nl/filedesc/GetAd.c.html

x_refsource_MISC

Timeline

Vulnerability published
Nov 4, 2002
Vulnerability Reserved
Oct 21, 2002

Collectors

NVD DatabaseMitre Database