CVE-2004-0894

Current Description

LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program.

Basic Data

Published: January 10, 2005
Last Modified: April 30, 2019
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector: LOCAL
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 7.2
Severity: HIGH
Exploitability Score: 3.9
Impact Score: 10.0
Obtain All Privilege: true
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
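    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | OS | Microsoft | Windows 2000 | * | * | * | * | * | * | * | * | | | |
    2.3 | OS | Microsoft | Windows 2000 | * | sp1 | * | * | * | * | * | * | | | |
    2.3 | OS | Microsoft | Windows 2000 | * | sp2 | * | * | * | * | * | * | | | |
    2.3 | OS | Microsoft | Windows 2000 | * | sp3 | * | * | * | * | * | * | | | |
    2.3 | OS | Microsoft | Windows 2000 | * | sp4 | * | * | * | * | * | * | | | |
    2.3 | OS | Microsoft | Windows 2003 Server | datacenter_64-bit | sp1_beta_1 | * | * | * | * | * | * | | | |
    2.3 | OS | Microsoft | Windows 2003 Server | enterprise | * | 64-bit | * | * | * | * | * | | | |
    2.3 | OS | Microsoft | Windows 2003 Server | enterprise | sp1_beta_1 | * | * | * | * | * | * | | | |
    2.3 | OS | Microsoft | Windows 2003 Server | enterprise_64-bit | * | * | * | * | * | * | * | | | |
    2.3 | OS | Microsoft | Windows 2003 Server | enterprise_64-bit | sp1_beta_1 | * | * | * | * | * | * | | | |
    2.3 | OS | Microsoft | Windows 2003 Server | r2 | * | 64-bit | * | * | * | * | * | | | |
    2.3 | OS | Microsoft | Windows 2003 Server | r2 | * | datacenter_64-bit | * | * | * | * | * | | | |
    2.3 | OS | Microsoft | Windows 2003 Server | r2 | sp1_beta_1 | * | * | * | * | * | * | | | |
    2.3 | OS | Microsoft | Windows 2003 Server | standard | * | 64-bit | * | * | * | * | * | | | |
    2.3 | OS | Microsoft | Windows 2003 Server | standard | sp1_beta_1 | * | * | * | * | * | * | | | |
    2.3 | OS | Microsoft | Windows 2003 Server | web | * | * | * | * | * | * | * | | | |
    2.3 | OS | Microsoft | Windows 2003 Server | web | sp1_beta_1 | * | * | * | * | * | * | | | |
    2.3 | OS | Microsoft | Windows Xp | * | * | 64-bit | * | * | * | * | * | | | |
    2.3 | OS | Microsoft | Windows Xp | * | * | home | * | * | * | * | * | | | |
    2.3 | OS | Microsoft | Windows Xp | * | * | media_center | * | * | * | * | * | | | |
    2.3 | OS | Microsoft | Windows Xp | * | gold | professional | * | * | * | * | * | | | |
    2.3 | OS | Microsoft | Windows Xp | * | sp1 | 64-bit | * | * | * | * | * | | | |
    2.3 | OS | Microsoft | Windows Xp | * | sp1 | home | * | * | * | * | * | | | |
    2.3 | OS | Microsoft | Windows Xp | * | sp1 | media_center | * | * | * | * | * | | | |
    2.3 | OS | Microsoft | Windows Xp | * | sp2 | home | * | * | * | * | * | | | |
    2.3 | OS | Microsoft | Windows Xp | * | sp2 | media_center | * | * | * | * | * | | | |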

Vulnerable Software List

Vendor | Product | Versions
Microsoft | Windows Xp | *
Microsoft | Windows 2000 | *
Microsoft | Windows 2003 Server | datacenter_64-bit, enterprise, enterprise_64-bit, r2, standard, web

References

Name | Source | URL | Tags
MS04-044 | MS | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-044 |
win-lsass-gain-privileges(18340) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/18340 |
oval:org.mitre.oval:def:1888 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1888 |
oval:org.mitre.oval:def:2062 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2062 |
oval:org.mitre.oval:def:3312 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3312 |
oval:org.mitre.oval:def:3325 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3325 |
oval:org.mitre.oval:def:4368 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4368 |
oval:org.mitre.oval:def:778 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A778 |