CVE-2004-2339
Last modified
CVE-2004-2339 is a high-severity vulnerability rated 8.4/10 on the CVSS scale. Microsoft Windows 2000, XP, and possibly 2003 allows local users with the SeDebugPrivilege privilege to execute arbitrary code as kernel and read or write kernel memory via the NtSystemDebugControl function, which does not verify its pointer arguments. Note: this issue has been disputed, since Administrator privileges are typically required to exploit this issue, thus privilege boundaries are not crossed. EPSS estimates a 1.43% chance of exploitation in the next 30 days.
Description
Microsoft Windows 2000, XP, and possibly 2003 allows local users with the SeDebugPrivilege privilege to execute arbitrary code as kernel and read or write kernel memory via the NtSystemDebugControl function, which does not verify its pointer arguments. Note: this issue has been disputed, since Administrator privileges are typically required to exploit this issue, thus privilege boundaries are not crossed
Metrics
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Microsoft | Windows 2000 | All versions | — |
| Microsoft | Windows 2003 Server | r2 | — |
| Microsoft | Windows Xp | All versions | Gold |
References
- http://www.securityfocus.com/archive/1/354392Vendor Advisory
- http://www.securityfocus.com/archive/1/354392Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2004-2339?
How severe is CVE-2004-2339?
How do I fix CVE-2004-2339?
Are you affected by CVE-2004-2339?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST