CVE-2002-1230

Description

NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code as LocalSystem via shatter style attack by sending a WM_COPYDATA message followed by a WM_TIMER message, as demonstrated by GetAd, aka Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation.

Risk Information

Base Score

8.4

MODERATE

Vector

AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

Exploitation Probability

0.787

Associated Vulnerability

No records found

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234