发布时间 :2004-11-03 00:00:00
修订时间 :2008-09-10 15:25:31

[原文]The kernel for Microsoft Windows Server 2003 does not reset certain values in CPU data structures, which allows local users to cause a denial of service (system crash) via a malicious program.

[CNNVD]Microsoft Windows内核本地拒绝服务漏洞(MS04-032)(CNNVD-200411-021)

        Microsoft Windows是一款微软开发的操作系统。
        Microsoft Windows内核存在一个本地拒绝服务问题,本地攻击者可以利用这个漏洞运行程序使系统停止响应。

- CVSS (基础分值)

CVSS分值: 2.1 [轻微(LOW)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)


- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:4893Microsoft Windows Kernel Local Denial of Service

- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(VENDOR_ADVISORY)  XF  win-ms04032-patch(17658)
(VENDOR_ADVISORY)  XF  win2k3-kernel-cpu-dos(16582)

- 漏洞信息

Microsoft Windows内核本地拒绝服务漏洞(MS04-032)
低危 设计错误
2004-11-03 00:00:00 2005-10-20 00:00:00
        Microsoft Windows是一款微软开发的操作系统。
        Microsoft Windows内核存在一个本地拒绝服务问题,本地攻击者可以利用这个漏洞运行程序使系统停止响应。

- 公告与补丁

        MS04-032:Security Update for Microsoft Windows (840987)

        Microsoft Windows NT Server 4.0 Service Pack 6a

        Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6

        Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4

        Microsoft Windows XP and Microsoft Windows XP Service Pack 1

        Microsoft Windows XP 64-Bit Edition Service Pack 1

        Microsoft Windows XP 64-Bit Edition Version 2003

        Microsoft Windows Server? 2003

        Microsoft Windows Server 2003 64-Bit Edition

- 漏洞信息

Microsoft Windows Unspecified Kernel Local DoS
Local Access Required Denial of Service
Loss of Availability
Exploit Unknown

- 漏洞描述

Windows contains a flaw related to the kernel that may allow an attacker to perform a local DoS by running a program. No further details have been provided.

- 时间线

2004-10-12 Unknow
Unknow Unknow

- 解决方案

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

- 相关参考

- 漏洞作者

- 漏洞信息

Microsoft Windows Kernel Local Denial of Service Vulnerability
Design Error 11365
No Yes
2004-10-12 12:00:00 2008-12-10 11:32:00
Discovery is credited to hlt <>.

- 受影响的程序版本

Microsoft Windows Server 2003 Standard x64 Edition
Microsoft Windows Server 2003 Enterprise x64 Edition
Microsoft Windows Server 2003 Datacenter x64 Edition
Avaya S8100 Media Servers 0
+ Microsoft Windows 2000 Server
+ Microsoft Windows NT Server 4.0 SP6a
Avaya S3400 Message Application Server 0
+ Microsoft Windows 2000 Server
Avaya Modular Messaging (MSS) 2.0
Avaya Modular Messaging (MSS) 1.1
Avaya IP600 Media Servers
Avaya DefinityOne Media Servers

- 漏洞讨论

The Microsoft Windows kernel is prone to a denial-of-service vulnerability that can allow a local attacker to cause a vulnerable computer to stop responding and to restart.

This issue does not pose a privilege-escalation threat.

- 漏洞利用

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at:

- 解决方案

Microsoft has released a bulletin that includes fixes to address this issue for supported versions of the operating system.

- 相关参考