CVE-2004-0894

Windows 2000/2003 - Privilege Escalation

Title source: llm

Description

LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Cesar Cerrudo · c++localwindows

https://www.exploit-db.com/exploits/749

View Code ZIP pw:eip

References (8)

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/18340

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-044

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1888

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2062

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3312

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3325

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4368

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A778

Scores

EPSS 0.0107

EPSS Percentile 77.8%

Details

Status published

Products (8)

microsoft/windows_2000 (5 CPE variants)

microsoft/windows_2003_server datacenter_64-bit sp1_beta_1

microsoft/windows_2003_server enterprise (2 CPE variants)

microsoft/windows_2003_server enterprise_64-bit (2 CPE variants)

microsoft/windows_2003_server r2 (3 CPE variants)

microsoft/windows_2003_server standard (2 CPE variants)

microsoft/windows_2003_server web (2 CPE variants)

microsoft/windows_xp (9 CPE variants)

Published Jan 10, 2005

Tracked Since Feb 18, 2026