Vulnerability Description
The NtSetLdtEntries function in the programming interface for the Local Descriptor Table (LDT) in Windows NT 4.0 and Windows 2000 allows local attackers to gain access to kernel memory and execute arbitrary code via an expand-down data segment descriptor descriptor that points to protected memory.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 2000 | All versions |
| Microsoft | Windows Nt | 4.0 |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/020068.html
- http://www.ciac.org/ciac/bulletins/o-114.shtml
- http://www.eeye.com/html/Research/Advisories/AD20040413D.htmlPatchVendor Advisory
- http://www.kb.cert.org/vuls/id/122076PatchThird Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/10122
- http://www.us-cert.gov/cas/techalerts/TA04-104A.htmlThird Party AdvisoryUS Government Resource
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-01
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15707
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/020068.html
- http://www.ciac.org/ciac/bulletins/o-114.shtml
- http://www.eeye.com/html/Research/Advisories/AD20040413D.htmlPatchVendor Advisory
- http://www.kb.cert.org/vuls/id/122076PatchThird Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/10122
FAQ
What is CVE-2003-0910?
CVE-2003-0910 is a vulnerability with a CVSS score of 7.2 (HIGH). The NtSetLdtEntries function in the programming interface for the Local Descriptor Table (LDT) in Windows NT 4.0 and Windows 2000 allows local attackers to gain access to kernel memory and execute arb...
How severe is CVE-2003-0910?
CVE-2003-0910 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-0910?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 2000, Microsoft Windows Nt.