Vulnerabilities > CVE-2004-0208 - Unspecified vulnerability in Microsoft products
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 4 |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS04-032.NASL |
description | The remote host is missing a security update for Microsoft Windows (840987). The missing security update fixes issues in the following areas : - Window Management - Virtual DOS Machine - Graphics Rendering Engine - Windows Kernel A local attacker could exploit any of these vulnerabilities to cause a local denial of service or obtain higher privileges on the remote host. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 15457 |
published | 2004-10-12 |
reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/15457 |
title | MS04-032: Security Update for Microsoft Windows (840987) |
code |
|
Oval
accepted 2004-11-17T10:00:00.000-04:00 class vulnerability contributors name Ingrid Skoog organization The MITRE Corporation name Ingrid Skoog organization The MITRE Corporation
description The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions. family windows id oval:org.mitre.oval:def:1751 status accepted submitted 2004-10-13T11:27:00.000-04:00 title Windows XP/Server 2003 (64-Bit) VDM Privilege Escalation Vulnerability version 65 accepted 2004-12-09T08:46:00.000-04:00 class vulnerability contributors name Ingrid Skoog organization The MITRE Corporation description The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions. family windows id oval:org.mitre.oval:def:3161 status accepted submitted 2004-10-14T09:58:00.000-04:00 title Windows XP VDM Privilege Escalation Vulnerability version 64 accepted 2008-03-24T04:00:31.396-04:00 class vulnerability contributors name Ingrid Skoog organization The MITRE Corporation name John Hoyland organization Centennial Software name Jonathan Baker organization The MITRE Corporation
definition_extensions comment Microsoft Windows NT is installed oval oval:org.mitre.oval:def:36 description The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions. family windows id oval:org.mitre.oval:def:3953 status accepted submitted 2004-10-13T12:05:00.000-04:00 title Windows NT VDM Privilege Escalation Vulnerability version 73 accepted 2004-11-17T10:00:00.000-04:00 class vulnerability contributors name Ingrid Skoog organization The MITRE Corporation description The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions. family windows id oval:org.mitre.oval:def:4316 status accepted submitted 2004-10-13T11:08:00.000-04:00 title Windows 2000 VDM Privilege Escalation Vulnerability version 64 accepted 2004-11-17T10:00:00.000-04:00 class vulnerability contributors name Ingrid Skoog organization The MITRE Corporation description The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions. family windows id oval:org.mitre.oval:def:4762 status accepted submitted 2004-10-13T12:02:00.000-04:00 title Windows NT Terminal Server VDM Privilege Escalation Vulnerability version 65
References
- http://marc.info/?l=bugtraq&m=109772135404427&w=2
- http://www.kb.cert.org/vuls/id/910998
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-032
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16580
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17658
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1751
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3161
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3953
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4316
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4762