Kernel Memory Modification and Execution Flow Manipulation in Windows NT 4.0 and 2000

Kernel Memory Modification and Execution Flow Manipulation in Windows NT 4.0 and 2000

CVE-2005-2827 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

The thread termination routine in the kernel for Windows NT 4.0 and 2000 (NTOSKRNL.EXE) allows local users to modify kernel memory and execution flow via steps in which a terminating thread causes Asynchronous Procedure Call (APC) entries to free the wrong data, aka the "Windows Kernel Vulnerability."

Learn more about our User Device Pen Test.