Vulnerabilities > CVE-2004-0208 - Unspecified vulnerability in Microsoft products

CVSS 7.2 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
low complexity
microsoft
nessus

Summary

The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modifies some system structures in a way that is not properly validated by privileged operating system functions.

Nessus

NASL family: Windows : Microsoft Bulletins
NASL id: SMB_NT_MS04-032.NASL
description: The remote host is missing a security update for Microsoft Windows (840987). The missing security update fixes issues in the following areas : - Window Management - Virtual DOS Machine - Graphics Rendering Engine - Windows Kernel A local attacker could exploit any of these vulnerabilities to cause a local denial of service or obtain higher privileges on the remote host.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 15457
published: 2004-10-12
reporter: This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/15457
title: MS04-032: Security Update for Microsoft Windows (840987)
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Registration phase: when `description` is set, the script only declares its
# metadata and prerequisites through script_* calls and then exits.
if (description)
{
 script_id(15457);
 script_version("1.43");
 script_cvs_date("Date: 2018/11/15 20:50:29");

 # One plugin covers the whole bulletin. A finding therefore means the update
 # is missing, not that any single CVE listed below was individually confirmed.
 script_cve_id(
  "CVE-2004-0207",
  "CVE-2004-0208",
  "CVE-2004-0209",
  "CVE-2004-0211"
 );
 script_bugtraq_id(11365, 11369, 11375, 11378);
 script_xref(name:"CERT", value:"806278");
 script_xref(name:"MSFT", value:"MS04-032");
 script_xref(name:"MSKB", value:"840987");

 script_name(english:"MS04-032: Security Update for Microsoft Windows (840987)");
 script_summary(english:"Determines if hotfix 840987 has been installed");

 script_set_attribute(attribute:"synopsis", value:"Arbitrary code can be executed on the remote host.");
 script_set_attribute(attribute:"description", value:
"The remote host is missing a security update for Microsoft Windows
(840987).  The missing security update fixes issues in the following
areas :

  - Window Management
  - Virtual DOS Machine
  - Graphics Rendering Engine
  - Windows Kernel

A local attacker could exploit any of these vulnerabilities to cause a
local denial of service or obtain higher privileges on the remote host.");
 script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2004/ms04-032");
 script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Windows NT, 2000, XP and
2003.");
  # The base vector is scored as network-reachable (AV:N) with complete
  # C/I/A impact, while the description text above speaks only of a local
  # attacker.
  # NOTE(review): presumably the vector reflects the most severe CVE in the
  # bulletin -- confirm before using it to prioritise one CVE on its own.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  # Exploit code is flagged as publicly available and as used by malware.
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

 # Disclosure, patch and plugin release all carry the same date.
 script_set_attribute(attribute:"vuln_publication_date", value:"2004/10/12");
 script_set_attribute(attribute:"patch_publication_date", value:"2004/10/12");
 script_set_attribute(attribute:"plugin_publication_date", value:"2004/10/12");

 # NOTE(review): "local" presumably means the check relies on data read from
 # the host (registry, file versions) rather than a network probe -- confirm.
 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
 script_end_attributes();

 # Information-gathering category: the check is declared as non-intrusive.
 script_category(ACT_GATHER_INFO);

 script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
 script_family(english:"Windows : Microsoft Bulletins");

 # Prerequisites: two dependency scripts, the KB key they are expected to
 # set, and either an SMB port (139/445) or patch-management data.
 script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
 script_require_keys("SMB/MS_Bulletin_Checks/Possible");
 script_require_ports(139, 445, 'Host/patch_management_checks');
 exit(0);
}

include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("misc_func.inc");

# Check phase: decide from the Win32k.sys file version whether update 840987
# is missing, then report the result.

# Stop unless an earlier script recorded that bulletin checks are possible.
get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS04-032';
kb = '840987';

kbs = make_list(kb);
# When patch-management data is present, hand the bulletin/KB pair to the
# third-party check.
# NOTE(review): whether hotfix_check_3rd_party() returns or exits is not
# visible here -- confirm in the include file.
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

# The file check needs the enumerated registry and a known Windows version.
get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

# Only these service-pack levels are examined: NT 4.0 SP6, Windows 2000
# SP3/SP4, XP SP0/SP1 and Server 2003 SP0. Any other level is audited as
# not vulnerable without a file check.
# NOTE(review): presumably other levels either already contain the fix or
# are out of scope for the bulletin -- confirm; such a host is not examined.
if (hotfix_check_sp_range(nt:'6', win2k:'3,4', xp:'0,1', win2003:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

# Locate the system root and make sure the share holding it is readable;
# without access the script audits a share failure instead of a verdict.
rootfile = hotfix_get_systemroot();
if (!rootfile) exit(1, "Failed to get the system root.");

share = hotfix_path2share(path:rootfile);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

# One call per OS branch, each naming a reference Win32k.sys version in
# \system32. Presumably a file older than that version marks the update as
# missing; the comparison itself lives in the hotfix include files.
# The last NT 4.0 entry adds min_version 4.0.1381.33000.
# NOTE(review): presumably a separate NT 4.0 build branch -- confirm.
# NOTE(review): Win32k.sys is the only file inspected; whether the other
# binaries changed by the bulletin are covered cannot be told from here.
if (
  hotfix_is_vulnerable(os:"5.2", sp:0, file:"Win32k.sys", version:"5.2.3790.198", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.1", sp:1, file:"Win32k.sys", version:"5.1.2600.1581", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.1", sp:0, file:"Win32k.sys", version:"5.1.2600.166", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.0", file:"Win32k.sys", version:"5.0.2195.6966", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"4.0", file:"Win32k.sys", version:"4.0.1381.7292", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"4.0", file:"Win32k.sys", version:"4.0.1381.33580", min_version:"4.0.1381.33000", dir:"\system32", bulletin:bulletin, kb:kb)
)
{
  # Record the missing bulletin in the KB, raise the finding, then finish
  # the file-version check before exiting.
  set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  # No entry matched: finish the file-version check and audit the host as
  # not affected.
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}

Oval

  • accepted2004-11-17T10:00:00.000-04:00
    classvulnerability
    contributors
    • nameIngrid Skoog
      organizationThe MITRE Corporation
    • nameIngrid Skoog
      organizationThe MITRE Corporation
    descriptionThe Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions.
    familywindows
    idoval:org.mitre.oval:def:1751
    statusaccepted
    submitted2004-10-13T11:27:00.000-04:00
    titleWindows XP/Server 2003 (64-Bit) VDM Privilege Escalation Vulnerability
    version65
  • accepted2004-12-09T08:46:00.000-04:00
    classvulnerability
    contributors
    nameIngrid Skoog
    organizationThe MITRE Corporation
    descriptionThe Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions.
    familywindows
    idoval:org.mitre.oval:def:3161
    statusaccepted
    submitted2004-10-14T09:58:00.000-04:00
    titleWindows XP VDM Privilege Escalation Vulnerability
    version64
  • accepted2008-03-24T04:00:31.396-04:00
    classvulnerability
    contributors
    • nameIngrid Skoog
      organizationThe MITRE Corporation
    • nameJohn Hoyland
      organizationCentennial Software
    • nameJonathan Baker
      organizationThe MITRE Corporation
    definition_extensions
    commentMicrosoft Windows NT is installed
    ovaloval:org.mitre.oval:def:36
    descriptionThe Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions.
    familywindows
    idoval:org.mitre.oval:def:3953
    statusaccepted
    submitted2004-10-13T12:05:00.000-04:00
    titleWindows NT VDM Privilege Escalation Vulnerability
    version73
  • accepted2004-11-17T10:00:00.000-04:00
    classvulnerability
    contributors
    nameIngrid Skoog
    organizationThe MITRE Corporation
    descriptionThe Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions.
    familywindows
    idoval:org.mitre.oval:def:4316
    statusaccepted
    submitted2004-10-13T11:08:00.000-04:00
    titleWindows 2000 VDM Privilege Escalation Vulnerability
    version64
  • accepted2004-11-17T10:00:00.000-04:00
    classvulnerability
    contributors
    nameIngrid Skoog
    organizationThe MITRE Corporation
    descriptionThe Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions.
    familywindows
    idoval:org.mitre.oval:def:4762
    statusaccepted
    submitted2004-10-13T12:02:00.000-04:00
    titleWindows NT Terminal Server VDM Privilege Escalation Vulnerability
    version65