1. CVE-Search
  2. CVE-2002-2132
ID CVE-2002-2132
Summary Windows File Protection (WFP) in Windows 2000 and XP does not remove old security catalog .CAT files, which could allow local users to replace new files with vulnerable old files that have valid hash codes.
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_2000:*:*:*:*:datacenter_server:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:*:*:*:datacenter_server:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:*:*:*:professional:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:*:*:*:professional:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:*:*:*:server:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:*:*:*:server:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:*:*:ja:server:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:*:*:ja:server:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:advanced_server:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:advanced_server:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:datacenter_server:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:datacenter_server:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:professional:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:professional:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:server:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:server:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:advanced_server:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:advanced_server:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:datacenter_server:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:datacenter_server:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:professional:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:professional:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:server:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:server:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:advanced_server:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:advanced_server:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:datacenter_server:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:datacenter_server:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:professional:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:professional:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:server:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:server:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:x64:*
  • cpe:2.3:o:microsoft:windows_xp:*:*:*:*:home:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:*:*:*:home:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:professional:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:professional:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp1:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_xp:*:sp1:*:*:*:*:x64:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp1:*:*:home:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp1:*:*:home:*:*:*
CVSS
Base: 2.1 (as of 21-11-2017 - 19:26)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:P/A:N
refmap via4
bid 6483
bugtraq 20021226 Full Disclosure: Windows File Protection Old Security Catalog Vulnerability
xf wfp-security-catalogs(10957)
Last major update 21-11-2017 - 19:26
Published 31-12-2002 - 05:00
Last modified 21-11-2017 - 19:26
Back to Top