Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3981


Vulnerability Score 4.9 4.9
CVE Id CVE-2005-3981
Last Modified 05 Sep 2008 04:55:49
Published 04 Dec 2005 06:03:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE



** DISPUTED ** NOTE: this issue has been disputed by third parties. Microsoft Windows XP, 2000, and 2003 allows local users to kill a writable process by using the CreateRemoteThread function with certain arguments on a process that has been opened using the OpenProcess function, possibly involving an invalid address for the start routine. NOTE: followup posts have disputed this issue, saying that if a user already has privileges to write to a process, then other functions could be called or the process could be terminated using PROCESS_TERMINATE.

Vulnerable Systems

Operating System

  • Microsoft Windows 2000

  • Microsoft Windows 2003 Server Enterprise

  • Microsoft Windows 2003 Server R2

  • Microsoft Windows 2003 Server Standard

  • Microsoft Windows 2003 Server Web

  • Microsoft Windows Xp


BID - 15671

BUGTRAQ - 20051202 Microsoft Windows CreateRemoteThread Exploit

BUGTRAQ - 20051201 Microsoft Windows CreateRemoteThread Exploit

Last Updated: 27 May 2016 10:41:08