ID CVE-2005-2827
Summary The thread termination routine in the kernel for Windows NT 4.0 and 2000 (NTOSKRNL.EXE) allows local users to modify kernel memory and execution flow via steps in which a terminating thread causes Asynchronous Procedure Call (APC) entries to free the wrong data, aka the "Windows Kernel Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 30-04-2019 - 14:27)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
oval via4
accepted 2011-05-09T04:01:15.331-04:00
class vulnerability
contributors
  • name Robert L. Hollis
    organization ThreatGuard, Inc.
  • name Jonathan Baker
    organization The MITRE Corporation
  • name Shane Shaffer
    organization G2, Inc.
description The thread termination routine in the kernel for Windows NT 4.0 and 2000 (NTOSKRNL.EXE) allows local users to modify kernel memory and execution flow via steps in which a terminating thread causes Asynchronous Procedure Call (APC) entries to free the wrong data, aka the "Windows Kernel Vulnerability."
family windows
id oval:org.mitre.oval:def:1583
status accepted
submitted 2005-12-13T12:00:00.000-04:00
title Win2K Kernel Privilege Escalation Vulnerability
version 68
refmap via4
bid 15826
bugtraq 20051213 [EEYEB-20050523] Windows Kernel APC Data-Free Local Privilege Escalation Vulnerability
confirm http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf
eeye
  • EEYEB-20050523
  • EEYEB-20051213
misc http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375420
osvdb 18823
sectrack 1015347
secunia
  • 15821
  • 18064
  • 18311
sreason 252
vupen
  • ADV-2005-2868
  • ADV-2005-2909
xf win-apc-gain-privileges(23447)
Last major update 30-04-2019 - 14:27
Published 14-12-2005 - 01:03
Last modified 30-04-2019 - 14:27
Back to Top