CVE - CVE-2005-2827

CVE-ID
CVE-2005-2827	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The thread termination routine in the kernel for Windows NT 4.0 and 2000 (NTOSKRNL.EXE) allows local users to modify kernel memory and execution flow via steps in which a terminating thread causes Asynchronous Procedure Call (APC) entries to free the wrong data, aka the "Windows Kernel Vulnerability."
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:15826 URL:http://www.securityfocus.com/bid/15826 BUGTRAQ:20051213 [EEYEB-20050523] Windows Kernel APC Data-Free Local Privilege Escalation Vulnerability URL:http://www.securityfocus.com/archive/1/419377/100/0/threaded CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf EEYE:EEYEB-20050523 EEYE:EEYEB-20051213 URL:~~http://www.eeye.com/html/research/advisories/AD20051213.html~~ (Obsolete source) MISC:http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375420 MS:MS05-055 URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-055 OSVDB:18823 URL:~~http://www.osvdb.org/18823~~ (Obsolete source) OVAL:oval:org.mitre.oval:def:1583 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1583 SECTRACK:1015347 URL:http://securitytracker.com/id?1015347 SECUNIA:15821 URL:http://secunia.com/advisories/15821 SECUNIA:18064 URL:http://secunia.com/advisories/18064 SECUNIA:18311 URL:http://secunia.com/advisories/18311 SREASON:252 URL:http://securityreason.com/securityalert/252 VUPEN:ADV-2005-2868 URL:~~http://www.vupen.com/english/advisories/2005/2868~~ (Obsolete source) VUPEN:ADV-2005-2909 URL:~~http://www.vupen.com/english/advisories/2005/2909~~ (Obsolete source) XF:win-apc-gain-privileges(23447) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/23447
Assigning CNA
Microsoft Corporation
Date Record Created
20050907	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20050907)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)