CVE-1999-1365

CVSS 2.0 Score 7.2 of 10 (high)

Details

Published Jun 28, 1999
Updated: Nov 20, 2024

Summary

CVE-1999-1365 is a vulnerability affecting Windows NT operating systems. The issue lies in the search order used by the system to locate critical programs, such as NDDEAGNT.EXE, EXPLORER.EXE, USERINIT.EXE, or TASKMGR.EXE. By default, Windows NT first searches in the user's home directory (%systemroot%). This behavior could allow local users to bypass access restrictions or elevate privileges by placing a Trojan horse program in the root directory, which is writable by default. This vulnerability poses a significant risk to systems with local users who have the ability to modify the root directory.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Microsoft Windows NT

Affected Vendors

  • Microsoft