Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2000-0155 — Code Injection in Microsoft Windows NT

CWE-94 — Code Injection4 documents4 sources

Severity

7.2HIGHNVD

EPSS

1.7%

top 17.55%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Windows NT

Timeline

PublishedFeb 18

Latest updateApr 30

Description

Windows NT Autorun executes the autorun.inf file on non-removable media, which allows local attackers to specify an alternate program to execute when other users access a drive.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

▶NVDmicrosoft/windows_nt4.0

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-92rc-5g3w-9vp2: Windows NT Autorun executes the autorun↗2022-04-30

▶

CVEList

CVE-2000-0155: Windows NT Autorun executes the autorun↗2000-02-23

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows 95/98/NT 4.0 - 'autorun.inf' Code Execution↗2000-02-18

▶