CVE-2001-0016

high

Description

NTLM Security Support Provider (NTLMSSP) service does not properly check the function number in an LPC request, which could allow local users to gain administrator level access.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/6076

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-008

http://www.securityfocus.com/bid/2348

http://razor.bindview.com/publish/advisories/adv_NTLMSSP.html

Details

Source: Mitre, NVD

Published: 2001-03-12

Updated: 2018-10-12

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H