| Vulnerability Name: | CVE-2004-2527 (CCN-16851) | ||||||||
| Assigned: | 2004-08-01 | ||||||||
| Published: | 2004-08-01 | ||||||||
| Updated: | 2017-07-11 | ||||||||
| Summary: | The local and remote desktop login screens in Microsoft Windows XP before SP2 and 2003 allow remote attackers to cause a denial of service (CPU and memory consumption) by repeatedly using the WinKey+"U" key combination, which causes multiple copies of Windows Utility Manager to be loaded more quickly than they can be closed when the copies detect that another instance is running. The DoS flaw affects slower machines and those with less ram quicker than higher specification machines. On very hi-spec machines, the flaw does not seem to be exploitable. | ||||||||
| CVSS v3 Severity: | 5.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
| ||||||||
| CVSS v2 Severity: | 5.4 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||
| References: | Source: CCN Type: Full-Disclosure Mailing List, Sun Aug 01 2004 - 19:35:20 CDT Remotely Exploitable DoS Flaw in XP and 2003 Source: FULLDISC Type: Exploit, Vendor Advisory 20040801 Remotely Exploitable DoS Flaw in XP and 2003 Source: MITRE Type: CNA CVE-2004-2527 Source: CCN Type: SECTRACK ID: 1010836 Windows Remote Desktop May Let Remote Users Crash the System Source: SECTRACK Type: UNKNOWN 1010836 Source: CCN Type: Microsoft Corporation Web site Windows XP Service Pack 2 Release Candidate 2 Preview Source: OSVDB Type: Exploit, Patch, Vendor Advisory 8368 Source: CCN Type: OSVDB ID: 8368 Microsoft Windows XP/2003 Login Screen Consumption DoS Source: XF Type: UNKNOWN win-winkey-u-dos(16851) Source: XF Type: UNKNOWN win-winkey-u-dos(16851) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||