Vulnerability Description
The component for the Virtual DOS Machine (VDM) subsystem in Windows NT 4.0 and Windows 2000 does not properly validate system structures, which allows local users to access protected kernel memory and execute arbitrary code.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 2000 | All versions |
| Microsoft | Windows Nt | 4.0 |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/020070.html
- http://www.ciac.org/ciac/bulletins/o-114.shtml
- http://www.eeye.com/html/Research/Advisories/AD20040413E.htmlPatchVendor Advisory
- http://www.kb.cert.org/vuls/id/783748PatchThird Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/10117
- http://www.us-cert.gov/cas/techalerts/TA04-104A.htmlThird Party AdvisoryUS Government Resource
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-01
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15714
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/020070.html
- http://www.ciac.org/ciac/bulletins/o-114.shtml
- http://www.eeye.com/html/Research/Advisories/AD20040413E.htmlPatchVendor Advisory
- http://www.kb.cert.org/vuls/id/783748PatchThird Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/10117
FAQ
What is CVE-2004-0118?
CVE-2004-0118 is a vulnerability with a CVSS score of 7.2 (HIGH). The component for the Virtual DOS Machine (VDM) subsystem in Windows NT 4.0 and Windows 2000 does not properly validate system structures, which allows local users to access protected kernel memory an...
How severe is CVE-2004-0118?
CVE-2004-0118 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0118?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 2000, Microsoft Windows Nt.