ID CVE-2004-0208
Summary The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions.
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 12-10-2018 - 21:34)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
oval via4
  • accepted 2004-11-17T10:00:00.000-04:00
    class vulnerability
    contributors
    • name Ingrid Skoog
      organization The MITRE Corporation
    • name Ingrid Skoog
      organization The MITRE Corporation
    description The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions.
    family windows
    id oval:org.mitre.oval:def:1751
    status accepted
    submitted 2004-10-13T11:27:00.000-04:00
    title Windows XP/Server 2003 (64-Bit) VDM Privilege Escalation Vulnerability
    version 64
  • accepted 2004-12-09T08:46:00.000-04:00
    class vulnerability
    contributors
    name Ingrid Skoog
    organization The MITRE Corporation
    description The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions.
    family windows
    id oval:org.mitre.oval:def:3161
    status accepted
    submitted 2004-10-14T09:58:00.000-04:00
    title Windows XP VDM Privilege Escalation Vulnerability
    version 63
  • accepted 2008-03-24T04:00:31.396-04:00
    class vulnerability
    contributors
    • name Ingrid Skoog
      organization The MITRE Corporation
    • name John Hoyland
      organization Centennial Software
    • name Jonathan Baker
      organization The MITRE Corporation
    definition_extensions
    comment Microsoft Windows NT is installed
    oval oval:org.mitre.oval:def:36
    description The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions.
    family windows
    id oval:org.mitre.oval:def:3953
    status accepted
    submitted 2004-10-13T12:05:00.000-04:00
    title Windows NT VDM Privilege Escalation Vulnerability
    version 70
  • accepted 2004-11-17T10:00:00.000-04:00
    class vulnerability
    contributors
    name Ingrid Skoog
    organization The MITRE Corporation
    description The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions.
    family windows
    id oval:org.mitre.oval:def:4316
    status accepted
    submitted 2004-10-13T11:08:00.000-04:00
    title Windows 2000 VDM Privilege Escalation Vulnerability
    version 63
  • accepted 2004-11-17T10:00:00.000-04:00
    class vulnerability
    contributors
    name Ingrid Skoog
    organization The MITRE Corporation
    description The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions.
    family windows
    id oval:org.mitre.oval:def:4762
    status accepted
    submitted 2004-10-13T12:02:00.000-04:00
    title Windows NT Terminal Server VDM Privilege Escalation Vulnerability
    version 64
refmap via4
bugtraq 20041013 EEYE: Windows VDM #UD Local Privilege Escalation
cert-vn VU#910998
ms MS04-032
xf
  • win-ms04032-patch(17658)
  • win-vdm-gain-privilege(16580)
Last major update 12-10-2018 - 21:34
Published 03-11-2004 - 05:00
Back to Top