Vulnerability Details : CVE-2004-0118
The component for the Virtual DOS Machine (VDM) subsystem in Windows NT 4.0 and Windows 2000 does not properly validate system structures, which allows local users to access protected kernel memory and execute arbitrary code.
Vulnerability category: Execute codeDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2004-0118
Probability of exploitation activity in the next 30 days: 2.80%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 89 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2004-0118
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
References for CVE-2004-0118
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/15714
-
http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/020070.html
-
http://www.us-cert.gov/cas/techalerts/TA04-104A.html
Page Not Found | CISAThird Party Advisory;US Government Resource
-
http://www.eeye.com/html/Research/Advisories/AD20040413E.html
Patch;Vendor Advisory
- http://www.ciac.org/ciac/bulletins/o-114.shtml
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1512
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011
Microsoft Security Bulletin MS04-011 - Critical | Microsoft Learn
-
http://www.securityfocus.com/bid/10117
-
http://www.kb.cert.org/vuls/id/783748
Patch;Third Party Advisory;US Government Resource
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1718
Products affected by CVE-2004-0118
- cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*