CVE-2004-2339

Microsoft Windows 2000, XP, and possibly 2003 allows local users with the SeDebugPrivilege privilege to execute arbitrary code as kernel and read or write kernel memory via the NtSystemDebugControl function, which does not verify its pointer arguments. Note: this issue has been disputed, since Administrator privileges are typically required to exploit this issue, thus privilege boundaries are not crossed

Published: Dec 31, 2004
Updated: Nov 8, 2023
CVE: CVE-2004-2339
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
microsoft / windows_2000	-	-
microsoft / windows_2003_server	r2	r2.x
microsoft / windows_xp	-	-

http://archives.neohapsis.com/archives/bugtraq/2004-02/0529.html
http://archives.neohapsis.com/archives/bugtraq/2004-02/0530.html
http://www.securityfocus.com/archive/1/354392
http://www.securitytracker.com/id?1009128
https://exchange.xforce.ibmcloud.com/vulnerabilities/15263

Vulnerability Database

289,599

CVE-2004-2339