CVE-2002-1150 - The Remote Desktop Sharing (RDS) Screen Saver Protection capability for Microsoft NetMeeting 3.01 th

CVE-2002-1150

Summary

The Remote Desktop Sharing (RDS) Screen Saver Protection capability for Microsoft NetMeeting 3.01 through SP2 (4.4.3396) allows attackers with physical access to hijack remote sessions by entering certain logoff or shutdown sequences (such as CTRL-ALT-DEL) and canceling out of the resulting user confirmation prompts, such as when the remote user is editing a document.

References

http://marc.info/?l=bugtraq&m=103228375116204&w=2
http://www.iss.net/security_center/static/10119.php
http://www.securityfocus.com/bid/5715

Vulnerable Configurations

cpe:2.3:a:microsoft:netmeeting:3.01:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:netmeeting:3.01:*:*:*:*:*:*:*

CVSS

Base:	4.6 (as of 18-10-2016 - 02:24)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	5715
bugtraq	20020913 NetMeeting 3.01 Local RDS Session Hijacking
xf	netmeeting-rds-session-hijacking(10119)

Last major update

18-10-2016 - 02:24

Published

11-10-2002 - 04:00

Last modified

18-10-2016 - 02:24