Executive Summary

Informations
Name MS04-044 First vendor Publication 0000-00-00
Vendor Microsoft Last vendor Modification 0000-00-00
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 7.2 Attack Range Local
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerabilities in Windows Kernel and LSASS Could Allow Elevation of Privilege (885835)

Original Source

Url : http://technet.microsoft.com/en-us/security/bulletin/MS04-044

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:450
 
Oval ID: oval:org.mitre.oval:def:450
Title: Windows Kernel LPC Privilege Escalation Vulnerability (32-bit XP,SP2)
Description: The Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges, aka "Windows Kernel Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2004-0893
Version: 5
Platform(s): Microsoft Windows XP
Product(s): Windows kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:4458
 
Oval ID: oval:org.mitre.oval:def:4458
Title: Windows Kernel LPC Privilege Escalation Vulnerability (Server 2003)
Description: The Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges, aka "Windows Kernel Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2004-0893
Version: 1
Platform(s): Microsoft Windows Server 2003
Product(s): Windows kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:4021
 
Oval ID: oval:org.mitre.oval:def:4021
Title: Windows Kernel LPC Privilege Escalation Vulnerability (NT Terminal Server)
Description: The Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges, aka "Windows Kernel Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2004-0893
Version: 2
Platform(s): Microsoft Windows NT
Product(s): Windows kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:2008
 
Oval ID: oval:org.mitre.oval:def:2008
Title: Windows Kernel LPC Privilege Escalation Vulnerability (64-bit XP)
Description: The Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges, aka "Windows Kernel Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2004-0893
Version: 5
Platform(s): Microsoft Windows XP
Product(s): Windows kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:1886
 
Oval ID: oval:org.mitre.oval:def:1886
Title: Windows Kernel LPC Privilege Escalation Vulnerability (32-bit XP,SP1)
Description: The Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges, aka "Windows Kernel Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2004-0893
Version: 5
Platform(s): Microsoft Windows XP
Product(s): Windows kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:1581
 
Oval ID: oval:org.mitre.oval:def:1581
Title: Suppressed Test OVAL1581 (Identical to OVAL4458)
Description: The Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges, aka "Windows Kernel Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2004-0893
Version: 1
Platform(s): Microsoft Windows Server 2003
Product(s): Windows kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:1561
 
Oval ID: oval:org.mitre.oval:def:1561
Title: Windows Kernel LPC Privilege Escalation Vulnerability (Windows 2000)
Description: The Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges, aka "Windows Kernel Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2004-0893
Version: 7
Platform(s): Microsoft Windows 2000
Product(s): Windows kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:1321
 
Oval ID: oval:org.mitre.oval:def:1321
Title: Windows Kernel LPC Privilege Escalation Vulnerability (NT 4.0)
Description: The Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges, aka "Windows Kernel Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2004-0893
Version: 3
Platform(s): Microsoft Windows NT
Product(s): Windows kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:778
 
Oval ID: oval:org.mitre.oval:def:778
Title: LSASS Privilege Escalation Vulnerability (Windows 2000)
Description: LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program.
Family: windows Class: vulnerability
Reference(s): CVE-2004-0894
Version: 7
Platform(s): Microsoft Windows 2000
Product(s): Local Security Authority Subsystem Service (LSASS)
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:4368
 
Oval ID: oval:org.mitre.oval:def:4368
Title: LSASS Privilege Escalation Vulnerability (32-bit XP, SP2)
Description: LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program.
Family: windows Class: vulnerability
Reference(s): CVE-2004-0894
Version: 5
Platform(s): Microsoft Windows XP
Product(s): Local Security Authority Subsystem Service (LSASS)
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:3325
 
Oval ID: oval:org.mitre.oval:def:3325
Title: LSASS Privilege Escalation Vulnerability (32-bit XP, SP1)
Description: LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program.
Family: windows Class: vulnerability
Reference(s): CVE-2004-0894
Version: 4
Platform(s): Microsoft Windows XP
Product(s): Local Security Authority Subsystem Service (LSASS)
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:3312
 
Oval ID: oval:org.mitre.oval:def:3312
Title: LSASS Privilege Escalation Vulnerability (Server 2003/64-bit XP)
Description: LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program.
Family: windows Class: vulnerability
Reference(s): CVE-2004-0894
Version: 1
Platform(s): Microsoft Windows XP
Product(s): Local Security Authority Subsystem Service (LSASS)
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:2062
 
Oval ID: oval:org.mitre.oval:def:2062
Title: LSASS Privilege Escalation Vulnerability (64-bit XP, SP1)
Description: LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program.
Family: windows Class: vulnerability
Reference(s): CVE-2004-0894
Version: 4
Platform(s): Microsoft Windows XP
Product(s): Local Security Authority Subsystem Service (LSASS)
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:1888
 
Oval ID: oval:org.mitre.oval:def:1888
Title: LSASS Privilege Escalation Vulnerability (64-bit Server 2003)
Description: LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program.
Family: windows Class: vulnerability
Reference(s): CVE-2004-0894
Version: 1
Platform(s): Microsoft Windows Server 2003
Product(s): Local Security Authority Subsystem Service (LSASS)
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Os20
Os12
Os31
Os9

Open Source Vulnerability Database (OSVDB)

idDescription
12376Microsoft Windows LSASS Identity Token Validation Local Privilege Escalation
12372Microsoft Windows Kernel Application Launch Local Privilege Escalation

Nessus® Vulnerability Scanner

DateDescription
2004-12-14Name : Local users can elevate their privileges on the remote host.
File : smb_nt_ms04-044.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2014-02-17 11:45:05
  • Multiple Updates