Lucene search

[email protected]CVE-2004-0893

HistoryJan 10, 2005 - 5:00 a.m.

CVE-2004-0893

2005-01-1005:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

windows kernel

windows nt 4.0

windows 2000

windows xp

windows server 2003

local procedure call

lpc

privilege escalation

vulnerability

6.8 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

14.3%

JSON

The Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges, aka “Windows Kernel Vulnerability.”

CPENameOperatorVersion
microsoft:windows_ntmicrosoft windows nteq4.0
microsoft:windows_2003_servermicrosoft windows 2003 servereqweb
microsoft:windows_xpmicrosoft windows xpeq*
microsoft:windows_2003_servermicrosoft windows 2003 servereqenterprise
microsoft:windows_2003_servermicrosoft windows 2003 servereqenterprise_64-bit
microsoft:windows_2000microsoft windows 2000eq*
microsoft:windows_2003_servermicrosoft windows 2003 servereqdatacenter_64-bit
microsoft:windows_2003_servermicrosoft windows 2003 servereqstandard
microsoft:windows_2003_servermicrosoft windows 2003 servereqr2

CPE	Name	Operator	Version
microsoft:windows_nt	microsoft windows nt	eq	4.0
microsoft:windows_2003_server	microsoft windows 2003 server	eq	web
microsoft:windows_xp	microsoft windows xp	eq	*
microsoft:windows_2003_server	microsoft windows 2003 server	eq	enterprise
microsoft:windows_2003_server	microsoft windows 2003 server	eq	enterprise_64-bit
microsoft:windows_2000	microsoft windows 2000	eq	*
microsoft:windows_2003_server	microsoft windows 2003 server	eq	datacenter_64-bit
microsoft:windows_2003_server	microsoft windows 2003 server	eq	standard
microsoft:windows_2003_server	microsoft windows 2003 server	eq	r2

References

docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-044

exchange.xforce.ibmcloud.com/vulnerabilities/18339

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1321

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1561

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1581

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1886

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2008

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4021

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4458

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A450

6.8 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

14.3%

JSON

Related for CVE-2004-0893

securityvulns1 nessus1