Microsoft Security Bulletin MS02-042Privilege elevation flaw in Network Connection Manager | |
Download |
Microsoft Security Bulletin MS02-042 Ranking & Summary
Advertisement
- License:
- Update
- Price:
- Free to try
- Publisher Name:
- By Microsoft
- Publisher web site:
- http://www.microsoft.com/
- Operating Systems:
- Windows, Windows 2000
- Additional Requirements:
- Windows 2000
- File Size:
- 235.35K
- Total Downloads:
- 47
Microsoft Security Bulletin MS02-042 Tags
- Connection Manager Network Manager elevation files elevation data elevation elevation plot disable privilege enable privilege CPU flaw flaw system privilege admin privilege higher privilege remove privilege user privilege privilege remover privilege Network Connection Manager Privilege Name Lister Privilege Name Database Connection Manager elevation map elevation plan security flaw connection tunnel manager digital elevation data digital elevation implementation flaw privilege control putty connection manager
Microsoft Security Bulletin MS02-042 Description
The Network Connection Manager (NCM) provides a controlling mechanism for all network connections managed by a host system. Among the functions of the NCM is to call a handler routine whenever a network connection has been established. By design, this handler routine should run in the security context of the user. However, a flaw could make it possible for an unprivileged user to cause the handler routine to run in the security context of LocalSystem, though a very complex process. An attacker who exploited this flaw could specify code of his or her choice as the handler, then establish a network connection in order to cause that code to be invoked by the NCM. The code would then run with full system privileges.
Microsoft Security Bulletin MS02-042 Related Software