CVE-2004-0893

CWE-494 documents4 sources

Severity

7.2HIGH

EPSS

1.3%

top 20.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows 2003 Server Microsoft Windows NT

Timeline

PublishedJan 10

Latest updateApr 29

Description

The Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges, aka "Windows Kernel Vulnerability."

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

▶NVDmicrosoft/windows_2003_server6 versions+5

▶NVDmicrosoft/windows_nt4.0

🔴Vulnerability Details

GHSA

GHSA-rm55-79mv-22rp: The Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4↗2022-04-29

▶

CVEList

CVE-2004-0893: The Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4↗2004-12-15

▶

📐Framework References

CWE

Path Equivalence: 'filename/' (Trailing Slash)

▶