CVE-2002-2324 | Access Control Vulnerability

Description

The "System Restore" directory and subdirectories, and possibly other subdirectories in the "System Volume Information" directory on Windows XP Professional, have insecure access control list (ACL) permissions, which allows local users to access restricted files and modify registry settings.

Products

Microsoft Windows XP
Microsoft Windows XP
Microsoft Windows XP 64-bit
Microsoft Windows XP x86 (32-bit)
Microsoft Windows XP Embedded Edition (XPe) on Itanium
Microsoft Windows XP Embedded Edition (XPe) on x64
Microsoft Windows XP Embedded Edition (XPe) on x86
Microsoft Windows XP Home Edition on Itanium
Microsoft Windows XP Home Edition on x64
Microsoft Windows XP Home Edition on x86
Microsoft Windows XP Media Center Edition on Itanium
Microsoft Windows XP Media Center Edition on x64
Microsoft Windows XP Media Center Edition on x86
Microsoft Windows XP Professional Edition on Itanium
Microsoft Windows XP Professional Edition on x64
Microsoft Windows XP Professional Edition on x86
Microsoft Windows XP Starter Edition on Itanium
Microsoft Windows XP Starter Edition on x64
Microsoft Windows XP Starter Edition on x86
Microsoft Windows XP Tablet PC Edition on Itanium
Microsoft Windows XP Tablet PC Edition on x64
Microsoft Windows XP Tablet PC Edition on x86
Microsoft windows xp_gold
Microsoft Windows XP Gold Professional Edition
Microsoft Windows Xp - Gold Professional Edition on X64
Microsoft Windows XP (gold) 64-Bit Edition for Itanium systems, Version 2002
Microsoft Windows XP (gold) 64-Bit Edition, Version 2003
Microsoft windows xp_gold embedded
Microsoft Windows XP (gold) Home Edition
Microsoft windows xp_gold media_center
Microsoft Windows XP Professional Gold
Microsoft windows xp_gold tablet_pc
Microsoft Windows XP (gold) x64 (64-bit)
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 1 on x64 (64-bit)
Microsoft Windows XP Service Pack 1 Embedded Edition (XPe) on Itanium
Microsoft Windows XP Service Pack 1 Embedded Edition (XPe) on x64
Microsoft Windows XP Service Pack 1 Embedded Edition (XPe) on x86
Microsoft Windows XP Service Pack 1 Home Edition
Microsoft Windows XP Service Pack 1 Home Edition on Itanium
Microsoft Windows XP Service Pack 1 Home Edition on x64
Microsoft Windows XP Service Pack 1 Home Edition on x86
Microsoft Windows XP Service Pack 1 Media Center Edition on Itanium
Microsoft Windows XP Service Pack 1 Media Center Edition on x64
Microsoft Windows XP Service Pack 1 Media Center Edition on x86
Microsoft Windows XP Service Pack 1 Professional Edition on Itanium
Microsoft Windows XP Service Pack 1 Professional Edition on x64
Microsoft Windows XP Service Pack 1 Professional Edition on x86
Microsoft Windows XP Service Pack 1 Starter Edition on Itanium
Microsoft Windows XP Service Pack 1 Starter Edition on x64
Microsoft Windows XP Service Pack 1 Starter Edition on x86
Microsoft Windows XP Service Pack 1 Tablet PC Edition on Itanium
Microsoft Windows XP Service Pack 1 Tablet PC Edition on x64
Microsoft Windows XP Service Pack 1 Tablet PC Edition on x86
Microsoft windows xp_sp1 embedded
Microsoft Windows XP Service Pack 1 Home Edition
Microsoft windows xp_sp1 media_center
Microsoft Windows XP Professional SP1
Microsoft windows xp_sp1 tablet_pc
Microsoft Windows XP Service Pack 1 x64 (64-bit)
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Service Pack 2 Embedded Edition (XPe) on Itanium
Microsoft Windows XP Service Pack 2 Embedded Edition (XPe) on x64
Microsoft Windows XP Service Pack 2 Embedded Edition (XPe) on x86
Microsoft Windows XP Service Pack 2 Home Edition on Itanium
Microsoft Windows XP Service Pack 2 Home Edition on x64
Microsoft Windows XP Service Pack 2 Home Edition on x86
Microsoft Windows XP Service Pack 2 Media Center Edition on Itanium
Microsoft Windows XP Service Pack 2 Media Center Edition on x64
Microsoft Windows XP Service Pack 2 Media Center Edition on x86
Microsoft Windows XP Service Pack 2 Professional Edition
Microsoft Windows XP Service Pack 2 Professional Edition on Itanium
Microsoft Windows XP Service Pack 2 Professional Edition on x64
Microsoft Windows XP Service Pack 2 Professional Edition on x86
Microsoft Windows XP Service Pack 2 Starter Edition on Itanium
Microsoft Windows XP Service Pack 2 Starter Edition on x64
Microsoft Windows XP Service Pack 2 Starter Edition on x86
Microsoft Windows XP Service Pack 2 Tablet PC Edition on Itanium
Microsoft Windows XP Service Pack 2 Tablet PC Edition on x64
Microsoft Windows XP Service Pack 2 Tablet PC Edition on x86
Microsoft windows xp_sp2 embedded
Microsoft Windows XP Service Pack 2 Home Edition
Microsoft windows xp_sp2 media_center
Microsoft Windows XP Professional SP2
Microsoft windows xp_sp2 tablet_pc
Microsoft Windows XP Service Pack 2 x64 (64-bit)
Microsoft Windows XP x86 (32-bit) Service Pack 2
Microsoft Windows XP Service Pack 3
Microsoft Windows XP Service Pack 3 Embedded Edition (XPe) on x64
Microsoft Windows XP Service Pack 3 Embedded Edition (XPe) on x86
Microsoft Windows XP Service Pack 3 Home Edition on x64
Microsoft Windows XP Service Pack 3 Home Edition on x86
Microsoft Windows XP Service Pack 3 Media Center Edition on x64
Microsoft Windows XP Service Pack 3 Media Center Edition on x86
Microsoft Windows XP Service Pack 3 Professional Edition
Microsoft Windows XP Service Pack 3 Professional Edition on x64
Microsoft Windows XP Service Pack 3 Professional Edition on x86
Microsoft Windows XP Service Pack 3 Tablet PC Edition on x64
Microsoft Windows XP Service Pack 3 Tablet PC Edition on x86
Microsoft Windows XP Service Pack 3 Embedded Edition
Microsoft Windows XP Service Pack 3 Home Edition
Microsoft Windows XP Service Pack 3 Media Center Edition
Microsoft Windows XP Service Pack 3 Professional Edition
Microsoft Windows XP Service Pack 3 Tablet PC
Microsoft Windows XP (x86) Service Pack 3
Windows XP Service Pack 2
Microsoft Windows XP SP3
Microsoft Windows XP SP3 English
Microsoft Windows XP SP3

Questions to Ask Vendors

Can you confirm whether your systems are affected by CVE-2002-2324, and if so, what steps are you currently taking to mitigate this vulnerability?
What is your estimated timeline for fully resolving CVE-2002-2324 in your products or services, and how will you communicate updates on this issue to us as your customer?

Recommended Actions

Check out the advisory links provided below.

References

https://nvd.nist.gov/vuln/detail/CVE-2002-2324

PUBLISHED DATE: December 31, 2002CVE-2002-2324:
Access Control Vulnerability

CVSS:

EPSS:

Exploitability:

In KEV:

Description

Products

Questions to Ask Vendors

Recommended Actions

References

Ready to get results you can trust?