CVE-1999-1217
First published: Fri Jul 25 1997(Updated: )
The PATH in Windows NT includes the current working directory (.), which could allow local users to gain privileges by placing Trojan horse programs with the same name as commonly used system programs into certain directories.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Windows NT | ||
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-1999-1217?
CVE-1999-1217 is considered a high-risk vulnerability due to the potential for local users to exploit it for unauthorized privilege escalation.
How do I fix CVE-1999-1217?
Fixing CVE-1999-1217 involves modifying the system PATH variable to exclude the current working directory or implementing strict access controls.
Who is affected by CVE-1999-1217?
Any user operating Windows NT is potentially affected by CVE-1999-1217 if the current working directory is included in the PATH.
What type of attack is associated with CVE-1999-1217?
CVE-1999-1217 is associated with local privilege escalation attacks, where attackers can replace system programs with malicious versions.
Is there a workaround for CVE-1999-1217?
Yes, a workaround for CVE-1999-1217 includes avoiding the use of the current directory in the PATH for non-administrative users.
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/severity
- agent/description
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/event
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/microsoft
- vendor/windows nt
- collector/nvd-index
- canonical/microsoft windows nt