CVE-2003-0910

Windows NT and Windows 2000 - Local Privilege Escalation via NtSetLdtEntries

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-0910. PoCs published by [email protected].

AI-analyzed exploit summary This exploit leverages a privilege escalation vulnerability in the Microsoft Windows Local Descriptor Table (LDT) programming interface. It manipulates LDT entries to point into protected kernel memory, allowing arbitrary code execution with elevated privileges.

Description

The NtSetLdtEntries function in the programming interface for the Local Descriptor Table (LDT) in Windows NT 4.0 and Windows 2000 allows local attackers to gain access to kernel memory and execute arbitrary code via an expand-down data segment descriptor descriptor that points to protected memory.

Exploits (1)

exploitdb WORKING POC VERIFIED
by [email protected] · clocalwindows
https://www.exploit-db.com/exploits/23989

This exploit leverages a privilege escalation vulnerability in the Microsoft Windows Local Descriptor Table (LDT) programming interface. It manipulates LDT entries to point into protected kernel memory, allowing arbitrary code execution with elevated privileges.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Microsoft Windows 2000 Professional SP4
Auth required
Prerequisites: Local access to the target system · Knowledge of kernel memory addresses
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (10)

Core 10
Core References
Third Party Advisory, US Government Resource third-party-advisory government-resource x_refsource_ciac
http://www.ciac.org/ciac/bulletins/o-114.shtml
Mailing List mailing-list x_refsource_fulldisc
http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/020068.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A911
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A890
Patch, Vendor Advisory third-party-advisory x_refsource_eeye
http://www.eeye.com/html/Research/Advisories/AD20040413D.html
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA04-104A.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/10122
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15707
Patch, Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/122076

Scores

EPSS 0.2763
EPSS Percentile 97.8%

Details

Status published
Products (2)
microsoft/windows_2000
microsoft/windows_nt 4.0
Published Jun 01, 2004
Tracked Since Feb 18, 2026