The NtSetLdtEntries function in the programming interface for the Local Descriptor Table (LDT) in Windows NT 4.0 and Windows 2000 allows local attackers to gain access to kernel memory and execute arbitrary code via an expand-down data segment descriptor that points to protected memory.
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A911
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A890
https://exchange.xforce.ibmcloud.com/vulnerabilities/15707
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011
http://www.us-cert.gov/cas/techalerts/TA04-104A.html
http://www.securityfocus.com/bid/10122
http://www.kb.cert.org/vuls/id/122076
http://www.eeye.com/html/Research/Advisories/AD20040413D.html
http://www.ciac.org/ciac/bulletins/o-114.shtml
http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/020068.html