CVE-2002-1256

The SMB signing capability in the Server Message Block (SMB) protocol in Microsoft Windows 2000 and Windows XP allows attackers to disable the digital signing settings in an SMB session to force the data to be sent unsigned, then inject data into the session without detection, e.g. by modifying group policy information sent from a domain controller.

Published: Dec 23, 2002
Updated: Apr 13, 2023
CVE: CVE-2002-1256
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
microsoft / windows_2000_terminal_services	-	-
microsoft / windows_xp	-	-
microsoft / windows_2000	-	-

http://www.securityfocus.com/bid/6367
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-070
https://exchange.xforce.ibmcloud.com/vulnerabilities/10843
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A277

Vulnerability Database

289,599

CVE-2002-1256