CVE-2003-0910

Sažetak

The NtSetLdtEntries function in the programming interface for the Local Descriptor Table (LDT) in Windows NT 4.0 and Windows 2000 allows local attackers to gain access to kernel memory and execute arbitrary code via an expand-down data segment descriptor descriptor that points to protected memory.

Reference

http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/020068.html
http://www.ciac.org/ciac/bulletins/o-114.shtml
http://www.eeye.com/html/Research/Advisories/AD20040413D.html
http://www.kb.cert.org/vuls/id/122076
http://www.securityfocus.com/bid/10122
http://www.us-cert.gov/cas/techalerts/TA04-104A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011
https://exchange.xforce.ibmcloud.com/vulnerabilities/15707
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A890
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A911

CVSS

Base:	7.2
Impact:	10.0
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

12-10-2018 - 21:33

Objavljeno

01-06-2004 - 04:00