CVE-2004-0210

Microsoft Windows Privilege Escalation Vulnerability

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

Yes

*KEV

Decision

Act

*SSVC

Descriptions

The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow.

El componente POSIX de Microsoft Windows NT y Windows 2000 permite a usuarios locales ejecutar código de su elección mediante ciertos parámetros, posiblemente modificando valores de tamaño de mensaje y causando un desbordamiento de búfer.

A privilege elevation vulnerability exists in the POSIX subsystem. This vulnerability could allow a logged on user to take complete control of the system.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Act

Exploitation

Active

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2004-03-11 CVE Reserved
2004-07-14 CVE Published
2004-07-16 First Exploit
2022-03-03 Exploited in Wild
2022-03-24 KEV Due Date
2024-12-23 EPSS Updated
2025-02-07 CVE Updated

CWE

CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CAPEC

References (7)

URL	Tag	Source
https://exchange.xforce.ibmcloud.com/vulnerabilities/16590	Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2166	Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2847	Signature

URL	Date	SRC
https://www.exploit-db.com/exploits/24277	2004-07-16

URL	Date	SRC
http://www.kb.cert.org/vuls/id/647436	2019-04-30
http://www.us-cert.gov/cas/techalerts/TA04-196A.html	2019-04-30

URL	Date	SRC
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-020	2019-04-30

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Avaya Search vendor "Avaya"		Modular Messaging Message Storage Server Search vendor "Avaya" for product "Modular Messaging Message Storage Server"				s3400 Search vendor "Avaya" for product "Modular Messaging Message Storage Server" and version "s3400"		-		Affected
Microsoft Search vendor "Microsoft"		Windows 2000 Search vendor "Microsoft" for product "Windows 2000"				*		sp2		Affected
Microsoft Search vendor "Microsoft"		Windows 2000 Search vendor "Microsoft" for product "Windows 2000"				*		sp3		Affected
Microsoft Search vendor "Microsoft"		Windows 2000 Search vendor "Microsoft" for product "Windows 2000"				*		sp4		Affected
Microsoft Search vendor "Microsoft"		Windows Nt Search vendor "Microsoft" for product "Windows Nt"				4.0 Search vendor "Microsoft" for product "Windows Nt" and version "4.0"		sp6, alpha		Affected
Microsoft Search vendor "Microsoft"		Windows Nt Search vendor "Microsoft" for product "Windows Nt"				4.0 Search vendor "Microsoft" for product "Windows Nt" and version "4.0"		sp6, terminal_server		Affected
Microsoft Search vendor "Microsoft"		Windows Nt Search vendor "Microsoft" for product "Windows Nt"				4.0 Search vendor "Microsoft" for product "Windows Nt" and version "4.0"		sp6a, enterprise_server		Affected
Microsoft Search vendor "Microsoft"		Windows Nt Search vendor "Microsoft" for product "Windows Nt"				4.0 Search vendor "Microsoft" for product "Windows Nt" and version "4.0"		sp6a, server		Affected
Microsoft Search vendor "Microsoft"		Windows Nt Search vendor "Microsoft" for product "Windows Nt"				4.0 Search vendor "Microsoft" for product "Windows Nt" and version "4.0"		sp6a, workstation		Affected