Microsoft Security Bulletin MS02-042 for Windows

Name: Microsoft Security Bulletin MS02-042
Rating: 4 (1 reviews)
Author: Microsoft

Used Microsoft Security Bulletin MS02-042 for Windows?

Download.com has chosen not to provide a direct-download link for this product and offers this page for informational purposes only.

Developer’s Description

By Microsoft

Privilege elevation flaw in Network Connection Manager

The Network Connection Manager (NCM) provides a controlling mechanism for all network connections managed by a host system. Among the functions of the NCM is to call a handler routine whenever a network connection has been established.

By design, this handler routine should run in the security context of the user. However, a flaw could make it possible for an unprivileged user to cause the handler routine to run in the security context of LocalSystem, though a very complex process. An attacker who exploited this flaw could specify code of his or her choice as the handler, then establish a network connection in order to cause that code to be invoked by the NCM. The code would then run with full system privileges.