| VID |
26029 |
| Severity |
40 |
| Port |
139 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The hotfix (Q285851) for the 'Network DDE Agent Privilege Escalation' problem has not been applied. The problem allows a local attacker to gain elevated privileges.
Network Dynamic Data Exchange (DDE) is a technology that enables applications on different Windows computers to dynamically share data. This sharing is effected via communications channels called trusted shares, which are managed by a service called the Network DDE Agent.
A vulnerability exists because, in Windows 2000, the Network DDE Agent runs using the Local System security context and processes all requests using this context, rather than that of the user. This would give an attacker an opportunity to cause the Network DDE Agent to run code of her choice in Local System context, as a means of gaining complete control over the local machine.
* Note: This check requires an account with Guest or upper privileges which can access the registry of the remote host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.microsoft.com/technet/security/bulletin/MS01-007.asp
http://www.iss.net/security_center/static/6062.php
* Platforms Affected:
Windows 2000: All Versions |
| Recommendation |
Apply the appropriate patch for your system at the following locations:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=27526
* Note: This patch can be installed on systems running Windows 2000 Service Pack 1 and Service Pack 2. |
| Related URL |
CVE-2001-0015 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
