ID CVE-2004-0118
Summary The component for the Virtual DOS Machine (VDM) subsystem in Windows NT 4.0 and Windows 2000 does not properly validate system structures, which allows local users to access protected kernel memory and execute arbitrary code.
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 12-10-2018 - 21:33)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
oval via4
  • accepted 2008-03-24T04:00:15.992-04:00
    class vulnerability
    contributors
    • name Ingrid Skoog
      organization The MITRE Corporation
    • name Ingrid Skoog
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    definition_extensions
    comment Microsoft Windows NT is installed
    oval oval:org.mitre.oval:def:36
    description The component for the Virtual DOS Machine (VDM) subsystem in Windows NT 4.0 and Windows 2000 does not properly validate system structures, which allows local users to access protected kernel memory and execute arbitrary code.
    family windows
    id oval:org.mitre.oval:def:1512
    status accepted
    submitted 2004-06-11T12:00:00.000-04:00
    title Windows Virtual DOS Machine Local Privilege Escalation Vulnerability (Test 1)
    version 69
  • accepted 2004-08-04T12:00:00.000-04:00
    class vulnerability
    contributors
    name Ingrid Skoog
    organization The MITRE Corporation
    description The component for the Virtual DOS Machine (VDM) subsystem in Windows NT 4.0 and Windows 2000 does not properly validate system structures, which allows local users to access protected kernel memory and execute arbitrary code.
    family windows
    id oval:org.mitre.oval:def:1718
    status accepted
    submitted 2004-06-11T12:00:00.000-04:00
    title Windows Virtual DOS Machine Local Privilege Escalation Vulnerability (Test 2)
    version 63
refmap via4
bid 10117
cert TA04-104A
cert-vn VU#783748
ciac O-114
eeye AD20040413E
fulldisc 20040413 EEYE: Windows VDM TIB Local Privilege Escalation
ms MS04-011
xf win-vdm-gain-privileges(15714)
Last major update 12-10-2018 - 21:33
Published 01-06-2004 - 04:00
Back to Top