Vulnerability Name: | CVE-2002-0971 (CCN-9979) | ||||||||
Assigned: | 2002-08-20 | ||||||||
Published: | 2002-08-20 | ||||||||
Updated: | 2016-10-18 | ||||||||
Summary: | Vulnerability in VNC, TightVNC, and TridiaVNC allows local users to execute arbitrary code as LocalSystem by using the Win32 Messaging System to bypass the VNC GUI and access the "Add new clients" dialogue box. | ||||||||
CVSS v3 Severity: | 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
CVSS v2 Severity: | 4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||
Vulnerability Type: | CWE-Other | ||||||||
Vulnerability Consequences: | Gain Privileges | ||||||||
References: | Source: CCN Type: BugTraq Mailing List, Tue Aug 20 2002 - 21:55:40 CDT Win32 API 'shatter' vulnerability found in VNC-based products Source: MITRE Type: CNA CVE-2002-0971 Source: BUGTRAQ Type: UNKNOWN 20020821 Win32 API 'shatter' vulnerability found in VNC-based products Source: XF Type: UNKNOWN vnc-win32-messaging-privileges(9979) Source: CCN Type: OSVDB ID: 6277 TightVNC / TridiaVNC Win32 Messaging System Command Execution Source: BID Type: UNKNOWN 5530 Source: CCN Type: BID-5530 Multiple VNC Products For Windows Win32 Messaging API Vulnerability Source: CCN Type: AT&T Laboratories Cambridge Web site Virtual Network Computing Source: XF Type: UNKNOWN vnc-win32-messaging-privileges(9979) | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||
BACK |