Vulnerability Details CVE-2004-0894
LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.017
EPSS Ranking 81.4%
CVSS Severity
CVSS v2 Score 7.2
References
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-044
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18340
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1888
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2062
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3312
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3325
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4368
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A778
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-044
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18340
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1888
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2062
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3312
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3325
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4368
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A778
Products affected by CVE-2004-0894
-
cpe:2.3:o:microsoft:windows_2000:-
-
cpe:2.3:o:microsoft:windows_2000:beta3
-
cpe:2.3:o:microsoft:windows_2003_server:datacenter_64-bit
-
cpe:2.3:o:microsoft:windows_2003_server:enterprise
-
cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit
-
cpe:2.3:o:microsoft:windows_2003_server:r2
-
cpe:2.3:o:microsoft:windows_2003_server:standard
-
cpe:2.3:o:microsoft:windows_2003_server:web
-
cpe:2.3:o:microsoft:windows_xp:*
-
cpe:2.3:o:microsoft:windows_xp:-