漏洞信息详情

Microsoft Windows Kernel Virtual DOS Machine特权提升漏洞

• CNNVD编号：CNNVD-200411-010
• 危害等级： 高危
  
• CVE编号： CVE-2004-0208
• 漏洞类型： 访问验证错误
• 发布时间： 2004-11-03
• 威胁类型： 本地
• 更新时间： 2005-10-20
• 厂        商： microsoft
• 漏洞来源： Discovery is credi...

漏洞简介

Microsoft Windows NT 4.0版本，Windows 2000版本，Windows XP版本和Windows Server 2003版本的Virtual DOS Machine (VDM)子系统存在漏洞。本地用户可以借助恶意程序进入核心内存以及提升特权，该恶意程序以一种通过授予操作系统函数特权来不恰当验证的方式修改一些系统结构。

漏洞公告

Avaya has released an advisory that acknowlEdges this vulnerability for Avaya products. Customers are advised to follow Microsoft's guidance for applying patches. Please see the referenced Avaya advisory at the following location for further details: http://support.avaya.com/jCMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple/CSS/jCMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple?temp.groupID=128450&temp.selectedFamily=128451&temp.selectedProduct=154235&temp.selectedBucket=126655&temp.feedbackState=askForFeedback&temp.documentID=203487&PAGE=avaya.CSS.CSSLvl1Detail&executeTransaction=avaya.CSS.UsageUpdate() Microsoft has released a bulletin that includes fixes to address this issue for supported versions of the operating system. Microsoft Windows NT Server 4.0 SP6a

• Microsoft Security Update for Windows NT Server 4.0 (KB840987) http://www.microsoft.com/downloads/details.aspx?familyid=533AE5CD-74CE -470A-8916-8E358084497C&displaylang=en

Microsoft Windows NT Terminal Server 4.0 SP6a

• Microsoft Security Update for Windows NT Server 4.0 (KB840987) http://www.microsoft.com/downloads/details.aspx?familyid=533AE5CD-74CE -470A-8916-8E358084497C&displaylang=en

Microsoft Windows NT Terminal Server 4.0 SP6

• Microsoft Security Update for Windows NT Server 4.0, Terminal Server Edition (KB840987) http://www.microsoft.com/downloads/details.aspx?familyid=3B871A96-5F64 -4432-920F-FA5760DF683A&displaylang=en

Microsoft Windows XP Professional

• Microsoft Security Update for Windows XP (KB840987) http://www.microsoft.com/downloads/details.aspx?familyid=715E985B-7929 -4BD5-9564-5CFE7D528398&displaylang=en

Microsoft Windows NT Workstation 4.0 SP6a

• Microsoft Security Update for Windows NT Server 4.0 (KB840987) http://www.microsoft.com/downloads/details.aspx?familyid=533AE5CD-74CE -470A-8916-8E358084497C&displaylang=en

Microsoft Windows XP 64-bit Edition SP1

• Microsoft Security Update for Windows XP 64-bit Edition (KB840987) http://www.microsoft.com/downloads/details.aspx?familyid=99184841-70A8 -47C7-9993-44A60E999A40&displaylang=en

Microsoft Windows 2000 Advanced Server SP4

• Microsoft Security Update for Windows 2000 (KB840987) http://www.microsoft.com/downloads/details.aspx?familyid=4A614222-BA0B -4927-856D-D443BBBE1A42&displaylang=en

Microsoft Windows 2000 Professional SP3

• Microsoft Security Update for Windows 2000 (KB840987) http://www.microsoft.com/downloads/details.aspx?familyid=4A614222-BA0B -4927-856D-D443BBBE1A42&displaylang=en

Microsoft Windows 2000 Datacenter Server SP4

• Microsoft Security Update for Windows 2000 (KB840987) http://www.microsoft.com/downloads/details.aspx?familyid=4A614222-BA0B -4927-856D-D443BBBE1A42&displaylang=en

Microsoft Windows XP Home

• Microsoft Security Update for Windows XP (KB840987) http://www.microsoft.com/downloads/details.aspx?familyid=715E985B-7929 -4BD5-9564-5CFE7D528398&displaylang=en

Microsoft Windows 2000 Advanced Server SP3

• Microsoft Security Update for Windows 2000 (KB840987) http://www.microsoft.com/downloads/details.aspx?familyid=4A614222-BA0B -4927-856D-D443BBBE1A42&displaylang=en

Microsoft Windows XP Home SP1

• Microsoft Security Update for Windows XP (KB840987) http://www.microsoft.com/downloads/details.aspx?familyid=715E985B-7929 -4BD5-9564-5CFE7D528398&displaylang=en

Microsoft Windows 2000 Datacenter Server SP3

• Microsoft Security Update for Windows 2000 (KB840987) http://www.microsoft.com/downloads/details.aspx?familyid=4A614222-BA0B -4927-856D-D443BBBE1A42&displaylang=en

Microsoft Windows 2000 Server SP3

• Microsoft Security Update for Windows 2000 (KB840987) http://www.microsoft.com/downloads/details.aspx?familyid=4A614222-BA0B -4927-856D-D443BBBE1A42&displaylang=en

Microsoft Windows XP 64-bit Edition Version 2003

• Microsoft Security Update for Windows Server 2003 64-Bit and Windows XP 64-Bit Version 2003 (KB840987) http://www.microsoft.com/downloads/details.aspx?familyid=B4E6BBCF-F5B9 -4B2D-8BC4-30911CA4FD9C&displaylang=en

Microsoft Windows NT Enterprise Server 4.0 SP6a

• Microsoft Security Update for Windows NT Server 4.0 (KB840987) http://www.microsoft.com/downloads/details.aspx?familyid=533AE5CD-74CE -470A-8916-8E358084497C&displaylang=en

Microsoft Windows 2000 Server SP4

• Microsoft Security Update for Windows 2000 (KB840987) http://www.microsoft.com/downloads/details.aspx?familyid=4A614222-BA0B -4927-856D-D443BBBE1A42&displaylang=en

Microsoft Windows 2000 Professional SP4

• Microsoft Security Update for Windows 2000 (KB840987) http://www.microsoft.com/downloads/details.aspx?familyid=4A614222-BA0B -4927-856D-D443BBBE1A42&displaylang=en

Microsoft Windows XP Professional SP1

• Microsoft Security Update for Windows XP (KB840987) http://www.microsoft.com/downloads/details.aspx?familyid=715E985B-

参考网址

来源:US-CERT Vulnerability Note: VU#910998 名称: VU#910998 链接:http://www.kb.cert.org/vuls/id/910998 来源: XF 名称: win-ms04032-patch(17658) 链接:http://xforce.iss.net/xforce/xfdb/17658 来源: XF 名称: win-vdm-gain-privilege(16580) 链接:http://xforce.iss.net/xforce/xfdb/16580 来源: MS 名称: MS04-032 链接:http://www.microsoft.com/technet/security/bulletin/ms04-032.asp 来源: BUGTRAQ 名称: 20041013 EEYE: Windows VDM #UD Local Privilege Escalation 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=109772135404427&w=2 来源: US Government Resource: oval:org.mitre.oval:def:4762 名称: oval:org.mitre.oval:def:4762 链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4762 来源: US Government Resource: oval:org.mitre.oval:def:4316 名称: oval:org.mitre.oval:def:4316 链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4316 来源: US Government Resource: oval:org.mitre.oval:def:3953 名称: oval:org.mitre.oval:def:3953 链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3953 来源: US Government Resource: oval:org.mitre.oval:def:3161 名称: oval:org.mitre.oval:def:3161 链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3161 来源: US Government Resource: oval:org.mitre.oval:def:1751 名称: oval:org.mitre.oval:def:1751 链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1751

受影响实体

• Microsoft Windows_xp:Gold  
• Microsoft Windows_nt:4.0  
• Microsoft Windows_2003_server:R2  
• Microsoft Windows_2000  

补丁

暂无