CVE-2002-1256
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
23/12/2002
Last modified:
03/04/2025
Description
The SMB signing capability in the Server Message Block (SMB) protocol in Microsoft Windows 2000 and Windows XP allows attackers to disable the digital signing settings in an SMB session to force the data to be sent unsigned, then inject data into the session without detection, e.g. by modifying group policy information sent from a domain controller.
Impact
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_2000_terminal_services:*:*:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp1:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp2:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp3:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.securityfocus.com/bid/6367
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-070
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10843
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A277
- http://www.securityfocus.com/bid/6367
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-070
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10843
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A277