Windows Debugging Subsystem exploit v1.28 Vulnerability exploited: CVE-2002-0367 - BID-4287 Category: Exploits/Local Gets SYSTEM privileges under Windows 2000 Servers using the Debugging subsystem. There is an authentication vulnerability in the Windows debugging subsystem (smss). This allows any user to obtain a handle with any access of any process running.With this handle an agent is injected in a SYSTEM process. Supported Systems: Windows 2000 Server - sp0 (i386) Windows 2000 Advanced Server - sp1 (i386) Windows 2000 Advanced Server - sp0 (i386) Windows 2000 Professional - sp2 (i386) Windows 2000 Professional - sp0 (i386) Windows 2000 Professional - sp1 (i386) Windows 2000 Server - sp2 (i386) Windows 2000 Server - sp1 (i386) This module is included in the latest version of CORE IMPACT, the first automated comprehensive penetration testing product for accurately identifying information security risks. Click here to learn more about the product.