Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-1999-0975 — Microsoft Windows NT vulnerability

4 documents4 sources

Severity

4.6MEDIUMNVD

EPSS

0.5%

top 35.41%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Windows NT

Timeline

PublishedDec 10

Latest updateApr 30

Description

The Windows help system can allow a local user to execute commands as another user by editing a table of contents metafile with a .CNT extension and modifying the topic action to include the commands to be executed when the .hlp file is accessed.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages1 packages

▶NVDmicrosoft/windows_nt4.0

🔴Vulnerability Details

GHSA

GHSA-wm4h-9j53-mhpc: The Windows help system can allow a local user to execute commands as another user by editing a table of contents metafile with a↗2022-04-30

▶

CVEList

CVE-1999-0975: The Windows help system can allow a local user to execute commands as another user by editing a table of contents metafile with a↗2000-01-04

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows 95/98/NT 4.0 - Help File Backdoor↗1999-12-10

▶