CVE-2011-0039

2011-02-0901:00:08

CWE-287

[email protected]

web.nvd.nist.gov

windows

server 2003

lsass

local security authority subsystem service

privilege escalation

vulnerability

cve-2011-0039

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.6 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

38.8%

JSON

The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly process authentication requests, which allows local users to gain privileges via a request with a crafted length, aka “LSASS Length Validation Vulnerability.”

Affected configurations

NVD

Node

microsoftwindows_2003_serversp2

microsoftwindows_2003_serversp2itanium

microsoftwindows_2003_serversp2x64

microsoftwindows_xpsp3

microsoftwindows_xpMatch-sp2x64

CPENameOperatorVersion
microsoft:windows_2003_servermicrosoft windows 2003 servereq*
microsoft:windows_xpmicrosoft windows xpeq*
microsoft:windows_xpmicrosoft windows xpeq-