Lucene search
HistorySep 24, 2002 - 4:00 a.m.
CVE-2002-0971
vnc
tightvnc
tridiavnc
vulnerability
localsystem
win32 messaging system
add new clients
nvd
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
7.7 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
Vulnerability in VNC, TightVNC, and TridiaVNC allows local users to execute arbitrary code as LocalSystem by using the Win32 Messaging System to bypass the VNC GUI and access the “Add new clients” dialogue box.
Affected configurations
Node
attwinvnc_serverRange≤3.3.3_r9
ORattwinvnc_serverMatch3.3.3_r7
ORtightvnctightvncMatch1.2.0
ORtightvnctightvncMatch1.2.1
ORtightvnctightvncMatch1.2.5
ORtridiatridiavncMatch1.5
ORtridiatridiavncMatch1.5.1
ORtridiatridiavncMatch1.5.2
ORtridiatridiavncMatch1.5.4
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
7.7 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
Related for CVE-2002-0971