Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2339

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2004-2339
Last Modified 05 Sep 2008 04:43:51
Published 31 Dec 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-2339

Summary

** DISPUTED ** Microsoft Windows 2000, XP, and possibly 2003 allows local users with the SeDebugPrivilege privilege to execute arbitrary code as kernel and read or write kernel memory via the NtSystemDebugControl function, which does not verify its pointer arguments. Note: this issue has been disputed, since Administrator privileges are typically required to exploit this issue, thus privilege boundaries are not crossed.

Vulnerable Systems

Operating System

  • Microsoft Windows 2000

  • Microsoft Windows 2003 Server R2

  • Microsoft Windows Xp


References

XF - win-kernel-gain-privileges(15263)

BUGTRAQ - 20040218 Multiple WinXP kernel vulns can give user mode programs kernel mode privileges

BUGTRAQ - 20040219 RE: Multiple WinXP kernel vulns can give user mode programs kernel mode privileges

SECTRACK - 1009128


Last Updated: 27 May 2016 10:39:26