CVE-2002-2132

Windows File Protection (WFP) in Windows 2000 and XP does not remove old security catalog .CAT files, which could allow local users to replace new files with vulnerable old files that have valid hash codes.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2002-12/0250.html	Broken Link
http://www.iss.net/security_center/static/10957.php	Broken Link
http://www.securityfocus.com/bid/6483	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:microsoft:windows_2000:::::professional:::*
	cpe:2.3:o:microsoft:windows_2000:::::server:::*
	cpe:2.3:o:microsoft:windows_2000::::ja:server:::
	cpe:2.3:o:microsoft:windows_2000::sp1:::advanced_server:::
	cpe:2.3:o:microsoft:windows_xp::gold:::professional:::
	cpe:2.3:o:microsoft:windows_xp::sp1:::::x64:
	cpe:2.3:o:microsoft:windows_xp::sp1:::home:::
	cpe:2.3:o:microsoft:windows_2000:::::datacenter_server:::*
	cpe:2.3:o:microsoft:windows_2000::sp1:::datacenter_server:::
	cpe:2.3:o:microsoft:windows_2000::sp1:::server:::
	cpe:2.3:o:microsoft:windows_2000::sp2:::datacenter_server:::
	cpe:2.3:o:microsoft:windows_2000::sp3:::professional:::
	cpe:2.3:o:microsoft:windows_xp:::::::x64:*
	cpe:2.3:o:microsoft:windows_2000::sp2:::professional:::
	cpe:2.3:o:microsoft:windows_2000::sp2:::server:::
	cpe:2.3:o:microsoft:windows_2000::sp3:::advanced_server:::
	cpe:2.3:o:microsoft:windows_2000::sp3:::datacenter_server:::
	cpe:2.3:o:microsoft:windows_2000::sp1:::professional:::
	cpe:2.3:o:microsoft:windows_2000::sp2:::advanced_server:::
	cpe:2.3:o:microsoft:windows_2000::sp3:::server:::
	cpe:2.3:o:microsoft:windows_xp:::::home:::*

Information

Published : 2002-12-31 05:00

Updated : 2017-11-21 19:26

NVD link : CVE-2002-2132

Mitre link : CVE-2002-2132

JSON object : View

Products Affected

microsoft

windows_xp
windows_2000

CWE

NVD-CWE-Other

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0250.html", "name": "20021226 Full Disclosure: Windows File Protection Old Security Catalog Vulnerability", "tags": ["Broken Link"], "refsource": "BUGTRAQ"}, {"url": "http://www.iss.net/security_center/static/10957.php", "name": "wfp-security-catalogs(10957)", "tags": ["Broken Link"], "refsource": "XF"}, {"url": "http://www.securityfocus.com/bid/6483", "name": "6483", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Windows File Protection (WFP) in Windows 2000 and XP does not remove old security catalog .CAT files, which could allow local users to replace new files with vulnerable old files that have valid hash codes."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2002-2132", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "LOW", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2002-12-31T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:professional:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:server:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:*:*:ja:server:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:advanced_server:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:professional:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp1:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp1:*:*:home:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:datacenter_server:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:datacenter_server:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:server:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:datacenter_server:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:professional:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:professional:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:server:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:advanced_server:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:datacenter_server:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:professional:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:advanced_server:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:server:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:home:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-11-21T19:26Z"}