CVE-ID

CVE-2001-1122

• CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Windows NT 4.0 SP 6a allows a local user with write access to winnt/system32 to cause a denial of service (crash in lsass.exe) by running the NT4ALL exploit program in 'SPECIAL' mode.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
Assigning CNA
MITRE Corporation
Date Entry Created
20020315 Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Proposed (20020315)
Votes (Legacy)
ACCEPT(3) Foat, Frech, Green
NOOP(2) Baker, Cole
REJECT(2) Armstrong, Ziese
REVIEWING(1) Wall
Comments (Legacy)
 Ziese> fact that important system
   files are not appropriately secured from user, a/o admin, level access.
 Green> ACCESS TO THE WINNT/SYSTEM32 DIRECTORY, ALLOWING FOR A DoS TO BE PERFORMED.
 Foat> Our attempts to repair the computer with the Windows NT cd-rom failed. 
   The machine still would not allow logins. Tried two different NT 4.0 CD's. Both 
   CD's gave the error message that the file MSV1_0.dll read okay but is invalid on 
   the hard drive. It says the CD is probably defective.
 Armstrong> I don't believe that a privileged user being able to run code
   on a system is a vulnerability.
 Baker> I generally agree that unless you are elevating your priveleges, this should not be listed as a vulnerability.
 CHANGE> [Baker changed vote from REVIEWING to NOOP]

Proposed (Legacy)
20020315
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.