CVE-2004-0118

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

01/06/2004

Last modified:

12/10/2018

Description

The component for the Virtual DOS Machine (VDM) subsystem in Windows NT 4.0 and Windows 2000 does not properly validate system structures, which allows local users to access protected kernel memory and execute arbitrary code.

Impact

Vector 2.0

AV:L/AC:L/Au:N/C:C/I:C/A:C CVSS v2.0 Severity and Metrics:

Base Score: 7.20 HIGH
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Attack Vector (AV): Local
Attack Complexity (AC): Low
Authentication (Au): None
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete

Base Score 2.0

7.20

Severity 2.0

HIGH

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:o:microsoft:windows_2000::::::::
cpe:2.3:o:microsoft:windows_nt:4.0:::::::*

To consult the complete list of CPE names with products and versions, see this page

References to Advisories, Solutions, and Tools

http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/020070.html
http://www.ciac.org/ciac/bulletins/o-114.shtml
http://www.eeye.com/html/Research/Advisories/AD20040413E.html
http://www.kb.cert.org/vuls/id/783748
http://www.securityfocus.com/bid/10117
http://www.us-cert.gov/cas/techalerts/TA04-104A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011
https://exchange.xforce.ibmcloud.com/vulnerabilities/15714
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1512
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1718