CVE-1999-1365
CVSS 2.0 Score 7.2 of 10 (high)
Details
Summary
CVE-1999-1365 is a vulnerability affecting Windows NT operating systems. The issue lies in the search order used by the system to locate critical programs, such as NDDEAGNT.EXE, EXPLORER.EXE, USERINIT.EXE, or TASKMGR.EXE. By default, Windows NT first searches in the user's home directory (%systemroot%). This behavior could allow local users to bypass access restrictions or elevate privileges by placing a Trojan horse program in the root directory, which is writable by default. This vulnerability poses a significant risk to systems with local users who have the ability to modify the root directory.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Microsoft Windows NT
Affected Vendors
- Microsoft