CVE DATABASE / CVE-2002-0018
CVE-2002-0018
CVSS 10 · HIGH
Summary
In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from from the trusted domain.
CVSS 2.0 breakdown
| Base score | 10 (HIGH) |
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Attack vector | NETWORK |
| Attack complexity | LOW |
| Confidentiality | COMPLETE |
| Integrity | COMPLETE |
| Availability | COMPLETE |
Affected products
Microsoft windows 2000Microsoft windows nt
Check this CVE live
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
- http://www.securityfocus.com/bid/3997
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-001
- https://exchange.xforce.ibmcloud.com/vulnerabilities/8023
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A159
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A64
Data: NIST NVD. NVD last modified 2026-04-16. Always verify against the vendor advisory before acting.