Vulnerability CVE-2004-0207 - CERT Civis.Net

Vulnerability Name:

CVE-2004-0207 (CCN-16579)

Assigned:

2004-10-12

Published:

2004-10-12

Updated:

2018-10-12

Summary:

"Shatter" style vulnerability in the Window Management application programming interface (API) for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to gain privileges by using certain API functions to change properties of privileged programs using the SetWindowLong and SetWIndowLongPtr API functions.

CVSS v3 Severity:

4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Gain Privileges

References:

Source: CCN
Type: BugTraq Mailing List, Wed Oct 13 2004 - 18:13:34 CDT
SetWindowLong Shatter Attacks

Source: MITRE
Type: CNA
CVE-2004-0207

Source: BUGTRAQ
Type: UNKNOWN
20041013 SetWindowLong Shatter Attacks

Source: CCN
Type: CIAC Information Bulletin P-008
Microsoft Security Update for Microsoft Windows (840987)

Source: CCN
Type: US-CERT VU#218526
Microsoft Windows contains vulnerability in Window Management API

Source: CERT-VN
Type: Patch, Third Party Advisory, US Government Resource
VU#218526

Source: CCN
Type: Microsoft Security Bulletin MS04-032
Security Update for Microsoft Windows (840987)

Source: CCN
Type: Microsoft Security Bulletin MS05-018
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege and Denial of Service (890859)

Source: CCN
Type: BID-11378
Microsoft Window Management API Local Privilege Escalation Vulnerability

Source: MS
Type: UNKNOWN
MS04-032

Source: XF
Type: UNKNOWN
win-mngmt-api-gain-privileges(16579)

Source: XF
Type: UNKNOWN
win-mngmt-api-gain-privileges(16579)

Source: XF
Type: UNKNOWN
win-ms04032-patch(17658)

Vulnerable Configuration:

Configuration 1:

cpe:/o:microsoft:windows_2000:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_98:*:gold:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:gold:*:*:*:*:*:*

Configuration CCN 1:

cpe:/o:microsoft:windows_98:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_98se:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_me:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:xp:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:-:sp3:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:-:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_nt:4.0:sp6a:*:*:server:*:x86:*

OR cpe:/o:microsoft:windows:2003_server::x64:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_nt:4.0:sp6:*:*:terminal_server:*:x86:*

OR cpe:/o:microsoft:windows_xp:-:sp1:*:*:*:*:x64:*

Denotes that component is vulnerable