7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
12.3%
A privilege elevation vulnerability exists in the way that the Windows’ kernel processes certain access requests. This vulnerability could allow a logged on user to take complete control of the system.
A locally authenticated user could potentially exploit a vulnerability in the way that the Windows’ kernel processes certain access requests. Microsoft indicates that this vulnerability could not be exploited remotely. For more information see the Microsoft bulletin MS05-018.
A locally authenticated user could potentially execute arbitrary code with elevated privileges allowing them to gain complete control of the system.
Apply a patch
Microsoft has published Microsoft Security Bulletin MS05-018 in response to this issue. Users are strongly encouraged to review this advisory and apply the patches it refers to.
775933
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: April 13, 2005
Affected
For more information please see Microsoft bulletin MS05-018 available at: <http://www.microsoft.com/technet/security/bulletin/MS05-018.mspx>
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23775933 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
<http://www.microsoft.com/technet/security/bulletin/MS05-018.mspx>
Thanks to Microsoft who in turn thank Sanjeev Radhakrishnan, Amit Joshi, and Ananta Iyengar with GreenBorder Technologies for reporting the Windows Kernel Vulnerability
This document was written by Robert Mead based on information provided by Microsoft.
CVE IDs: | CVE-2005-0061 |
---|---|
Severity Metric: | 2.43 Date Public: |