CVE-2000-0100

SMS Remote Control - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-0100. PoCs published by Frank Monroe.

AI-analyzed exploit summary This is a technical writeup describing a privilege escalation vulnerability in Microsoft Systems Management Server (SMS) due to insecure directory permissions. The attacker can replace the WUSER32.EXE executable with a malicious version, which will run with System privileges upon reboot.

Description

The SMS Remote Control program is installed with insecure permissions, which allows local users to gain privileges by modifying or replacing the program.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Frank Monroe · textlocalwindows
https://www.exploit-db.com/exploits/19728

This is a technical writeup describing a privilege escalation vulnerability in Microsoft Systems Management Server (SMS) due to insecure directory permissions. The attacker can replace the WUSER32.EXE executable with a malicious version, which will run with System privileges upon reboot.

Classification
Writeup 90%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: Microsoft Systems Management Server (SMS)
Auth required
Prerequisites: Local access to the system · Ability to replace the WUSER32.EXE file
mistral-large-3 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2
Core References
Third Party Advisory mailing-list x_refsource_ntbugtraq
http://archives.neohapsis.com/archives/ntbugtraq/current/0045.html

Scores

EPSS 0.0283
EPSS Percentile 84.9%

Details

Status published
Products (1)
microsoft/systems_management_server 2.0
Published Dec 29, 1999
Tracked Since Feb 18, 2026