CVE-2005-3981
Microsoft Windows XP-2003 - Local Privilege Escalation
Title source: llmDescription
NOTE: this issue has been disputed by third parties. Microsoft Windows XP, 2000, and 2003 allow local users to kill a writable process by using the CreateRemoteThread function with certain arguments on a process that has been opened using the OpenProcess function, possibly involving an invalid address for the start routine. NOTE: followup posts have disputed this issue, saying that if a user already has privileges to write to a process, then other functions could be called or the process could be terminated using PROCESS_TERMINATE.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Nima Salehi · cdoswindows
https://www.exploit-db.com/exploits/26690
Scores
EPSS: 0.0068
EPSS Percentile: 71.7%
Details
Status: published
Products (6)
microsoft/windows_2000 (5 CPE variants)
microsoft/windows_2003_server enterprise (2 CPE variants)
microsoft/windows_2003_server r2 (2 CPE variants)
microsoft/windows_2003_server standard (2 CPE variants)
microsoft/windows_2003_server web (2 CPE variants)
microsoft/windows_xp (8 CPE variants)
Published: Dec 04, 2005
Tracked Since: Feb 18, 2026