NT Automated Tasks / Drive Mappings Vulnerability

BID:1050

Info

NT Automated Tasks / Drive Mappings Vulnerability

Bugtraq ID: 1050
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2000-0197
Remote: No
Local: Yes
Published: Mar 14 2000 12:00AM
Updated: Jul 11 2009 01:56AM
Credit: Posted to NTBugtraq on March 14, 2000 by Shawn Wright <[email protected]>.
Vulnerable: Microsoft Windows NT 4.0
+ Microsoft Windows NT Enterprise Server 4.0
+ Microsoft Windows NT Enterprise Server 4.0
+ Microsoft Windows NT Server 4.0
+ Microsoft Windows NT Server 4.0
+ Microsoft Windows NT Terminal Server 4.0
+ Microsoft Windows NT Terminal Server 4.0
+ Microsoft Windows NT Workstation 4.0
+ Microsoft Windows NT Workstation 4.0
Not Vulnerable:

Discussion

NT Automated Tasks / Drive Mappings Vulnerability

Any automated task that relies on mapped drives and runs at a higher privelege level than the logged-on user can be exploited by changing the drive mapping. By replicating the directory structure of the intended drive, and replacing the contents of the scheduled executables or configuration files with other data, it is possible for a local attacker to cause arbitrary code to be executed at an elevated privelege level.


For example:
\\Workstation has the following drive mapping:
S: \\Server\Scripts
and there is an AT job that runs S:\Daily.bat every day as the Local Administrator.

Now all the attacker has to do is replace the S: mapping with one that specifies a target where the attacker has write privileges (\\Workstation\C$ for example). Then if the batch file C:\Daily.bat is created, it will be run as Local Administrator.

Solution / Fix

NT Automated Tasks / Drive Mappings Vulnerability

Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].

References

NT Automated Tasks / Drive Mappings Vulnerability

References:
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report