Is CVE-2002-0971 actively exploited?

CVE-2002-0971 has no public evidence of in-the-wild exploitation as of 2025-04-03.

What is the CVSS score for CVE-2002-0971?

CVE-2002-0971 has a CVSS score of 4.6 (UNKNOWN severity). Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P.

How do I patch CVE-2002-0971?

Patch guidance is available from att security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2002-0971.

CVE-2002-0971 - remediation guidance & executive summary

Q: Which products are affected by CVE-2002-0971?

9 products: att winvnc server, att winvnc server, tightvnc tightvnc, tightvnc tightvnc, tightvnc tightvnc, and 4 more.

Description

Vulnerability in VNC, TightVNC, and TridiaVNC allows local users to execute arbitrary code as LocalSystem by using the Win32 Messaging System to bypass the VNC GUI and access the "Add new clients" dialogue box.

CVSS Metrics

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Access Vector: local
Access Cmplx: low
Auth: none
Confidentiality: partial
Integrity: partial
Availability: partial
Weaknesses: NVD-CWE-Other

Metadata

Primary Vendor: ATT
Published: 9/24/2002
Last Modified: 4/3/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

att : winvnc_serveratt : winvnc_servertightvnc : tightvnctightvnc : tightvnctightvnc : tightvnctridia : tridiavnctridia : tridiavnctridia : tridiavnctridia : tridiavnc

Remediation Guidance

Executive Summary

View on NIST NVD