| Vulnerability Name: | CCN-5323 | ||||||
| Published: | 2000-10-03 | ||||||
| Updated: | 2000-10-03 | ||||||
| Summary: | Windows NT and Windows 2000 are vulnerable to a variant of the "Spoofed LPC Port Request" vulnerability, which could allow an attacker to impersonate other processes on the server, under an unlikely set of circumstances. An attacker can use this to gain elevated privileges on the system. | ||||||
| CVSS v3 Severity: | 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||
| CVSS v2 Severity: | 2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
| ||||||
| Vulnerability Consequences: | Data Manipulation | ||||||
| References: | Source: CCN Type: BindView RAZOR Security Advisory, October 3, 2000 Various security vulnerabilities with LPC ports Source: CCN Type: Microsoft Security Bulletin MS00-070 FAQ Microsoft Security Bulletin (MS00-070): Frequently Asked Questions Source: CCN Type: Microsoft Security Bulletin MS00-070 Patch Available for Multiple LPC and LPC Ports Vulnerabilities Source: CCN Type: Microsoft Security Bulletin MS01-041 Malformed RPC Request Can Cause Service Failure Source: CCN Type: Microsoft Security Bulletin MS02-001 Trusting Domains Do Not Verify Domain Membership of SIDs in Authorization Data Source: CCN Type: Microsoft Security Bulletin MS02-018 Cumulative Patch for Internet Information Services (Q319733) Source: CCN Type: Microsoft Security Bulletin MS04-011 Security Update for Microsoft Windows (835732) Source: CCN Type: BID-1753 Microsoft Windows NT 4.0 / 2000 Spoofed LPC Request Vulnerability Source: XF Type: UNKNOWN spoofed-lpc-port-variant(5323) | ||||||
| Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||
| BACK | |||||||