Vulnerability Description
NOTE: this issue has been disputed by third parties. Microsoft Windows XP, 2000, and 2003 allows local users to kill a writable process by using the CreateRemoteThread function with certain arguments on a process that has been opened using the OpenProcess function, possibly involving an invalid address for the start routine. NOTE: followup posts have disputed this issue, saying that if a user already has privileges to write to a process, then other functions could be called or the process could be terminated using PROCESS_TERMINATE
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 2000 | All versions |
| Microsoft | Windows 2003 Server | enterprise |
| Microsoft | Windows Xp | All versions |
References
- http://www.securityfocus.com/archive/1/418289/100/0/threaded
- http://www.securityfocus.com/archive/1/418431/100/0/threaded
- http://www.securityfocus.com/bid/15671/Exploit
- http://www.securityfocus.com/archive/1/418289/100/0/threaded
- http://www.securityfocus.com/archive/1/418431/100/0/threaded
- http://www.securityfocus.com/bid/15671/Exploit
FAQ
What is CVE-2005-3981?
CVE-2005-3981 is a vulnerability with a CVSS score of 4.9 (MEDIUM). NOTE: this issue has been disputed by third parties. Microsoft Windows XP, 2000, and 2003 allows local users to kill a writable process by using the CreateRemoteThread function with certain arguments...
How severe is CVE-2005-3981?
CVE-2005-3981 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-3981?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 2000, Microsoft Windows 2003 Server, Microsoft Windows Xp.