CVE-2002-2126 - restrictEnabled in Integrity Protection Driver (IPD) 1.2 delays driver installation for 20 minutes,

CVE-2002-2126

Summary

restrictEnabled in Integrity Protection Driver (IPD) 1.2 delays driver installation for 20 minutes, which allows local users to insert malicious code by setting system clock to an earlier time.

References

http://archives.neohapsis.com/archives/bugtraq/2002-12/0021.html
http://archives.neohapsis.com/archives/ntbugtraq/2002-q4/0087.html
http://www.iss.net/security_center/static/10745.php
http://www.securityfocus.com/bid/6295

Vulnerable Configurations

cpe:2.3:a:pedestal_software:integrity_protection_driver:1.2:*:*:*:*:*:*:*
cpe:2.3:a:pedestal_software:integrity_protection_driver:1.2:*:*:*:*:*:*:*

CVSS

Base:	2.1 (as of 05-09-2008 - 20:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:L/AC:L/Au:N/C:N/I:P/A:N

refmap via4

bid	6295
bugtraq	20021202 Bypassing Integrity Protection Driver (time vulnerability)
ntbugtraq	20021203 New Integrity Protection Driver (IPD) Available
xf	ipd-change-system-clock(10745)

Last major update

05-09-2008 - 20:32

Published

31-12-2002 - 05:00

Last modified

05-09-2008 - 20:32