| Vulnerability Name: | CCN-13342 | ||||||
| Published: | 2003-10-02 | ||||||
| Updated: | 2003-10-02 | ||||||
| Summary: | Microsoft Windows could allow a local attacker to terminate programs without authorization, caused by a vulnerability in the PostThreadMessage API. The PostThreadMessage API allows a program to send a WM_QUIT, WM_CLOSE, or WM_DESTROY message to another program's thread on the same desktop to close the program. If the specified thread has a message queue, a local attacker could exploit this vulnerability to terminate processes, such as antivirus applications, personal firewall applications, filtering applications, and monitoring applications without permission. | ||||||
| CVSS v3 Severity: | 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
| ||||||
| CVSS v2 Severity: | 2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
| ||||||
| Vulnerability Consequences: | Denial of Service | ||||||
| References: | Source: CCN Type: BugTraq Mailing List, Thu Oct 02 2003 - 00:28:00 CDT Process Killing - Playing with PostThreadMessage Source: CCN Type: BID-8747 Microsoft Windows PostThreadMessage() Arbitrary Process Killing Vulnerability Source: XF Type: UNKNOWN win-postthreadmessage-terminate-process(13342) | ||||||
| Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||
| BACK | |||||||