CVE-2005-2827

Windows NT 4.0-2000 - Memory Corruption

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-2827. PoCs published by SoBeIt.

AI-analyzed exploit summary: This is a functional local privilege escalation exploit for CVE-2005-2827, targeting a Windows kernel APC vulnerability. It manipulates kernel memory structures to escalate privileges by exploiting a condition in the APC handling mechanism in which the wrong data is freed.

Description

The thread termination routine in the kernel for Windows NT 4.0 and 2000 (NTOSKRNL.EXE) allows local users to modify kernel memory and execution flow via steps in which a terminating thread causes Asynchronous Procedure Call (APC) entries to free the wrong data, aka the "Windows Kernel Vulnerability."

Exploits (1)

exploitdb WORKING POC VERIFIED
by SoBeIt · c · local · windows
https://www.exploit-db.com/exploits/1407


Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Racy
Target: Microsoft Windows 2000 SP4 (and potentially other versions)
Auth required
Prerequisites: Local access to the target system · Ability to execute arbitrary code on the target
devstral-2 · analyzed Feb 18, 2026

References (16)

Core References
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/15826
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/18064
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2005/2868
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2005/2909
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/23447
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/18311
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1583
Various Sources third-party-advisory x_refsource_eeye
http://www.eeye.com/html/research/advisories/AD20051213.html
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/252
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/419377/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1015347
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/18823
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/15821

Scores

EPSS 0.0272
EPSS Percentile 84.1%

Details

Status published
Products (2)
microsoft/windows_2000 (5 CPE variants)
microsoft/windows_nt 4.0
Published Dec 14, 2005
Tracked Since Feb 18, 2026