CVE-2002-0367

HIGH KEV

Windows NT and Windows 2000 - Improper Privilege Management via Handle Duplication

Title source: llm

Exploitation Summary

CVE-2002-0367 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 3, 2022. EIP tracks 1 public exploit from researchers including EliCZ.

AI-analyzed exploit summary: The vulnerability in Microsoft Windows 2000 and NT 4 allows local privilege escalation by exploiting the debugging subsystem to duplicate handles of privileged processes. This can lead to arbitrary code execution with SYSTEM privileges.

Description

smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.

Exploits (1)

exploitdb WRITEUP VERIFIED
by EliCZ · text · local · windows
https://www.exploit-db.com/exploits/21344

Classification: Writeup 90%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Windows 2000, NT 4
Auth required
Prerequisites: Local access to the system · Debugging privileges
devstral-2 · analyzed Feb 18, 2026

References (10)

Core References
Broken Link, Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/264441
Mailing List mailing-list x_refsource_ntbugtraq
http://marc.info/?l=ntbugtraq&m=101614320402695&w=2
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/4287
Patch, Vendor Advisory vendor-advisory x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-024
Broken Link, Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/264927
Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry, Vendor Advisory mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/262074
Broken Link, Patch, Vendor Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/8462.php

Scores

CVSS v3 7.8
EPSS 0.0125
EPSS Percentile 79.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2022-03-03
VulnCheck KEV 2002-03-13
InTheWild.io 2022-03-03
ENISA EUVD EUVD-2002-0364
CWE
CWE-269
Status published
Products (2)
microsoft/windows_2000
microsoft/windows_nt 4.0 (2 CPE variants)
Published Jun 25, 2002
KEV Added Mar 03, 2022
Tracked Since Feb 18, 2026