CVE-2003-0910
Description
The NtSetLdtEntries function in the programming interface for the Local Descriptor Table (LDT) in Windows NT 4.0 and Windows 2000 allows local attackers to gain access to kernel memory and execute arbitrary code via an expand-down data segment descriptor that points to protected memory.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Local users can gain kernel-level code execution via NtSetLdtEntries by crafting an expand-down data segment descriptor that points to protected memory.
Vulnerability
A vulnerability in the NtSetLdtEntries function of the programming interface for the Local Descriptor Table (LDT) in Windows NT 4.0 and Windows 2000 allows a local attacker to gain access to kernel memory and execute arbitrary code [1][2]. The issue arises when the function fails to properly validate an expand-down data segment descriptor that points to protected memory. Affected versions include Windows NT Workstation 4.0 Service Pack 6a, Windows NT Server 4.0 Service Pack 6a, Windows NT Server 4.0 Terminal Server Edition Service Pack 6, and Windows 2000 Service Pack 2/3/4 [1].
Exploitation
An attacker must have local access to the system and the ability to call the NtSetLdtEntries API with a specially crafted descriptor. Exploitation requires no user interaction beyond the attacker's own actions, as the function is exposed to user-mode processes [2]. The attacker supplies an expand-down data segment descriptor that references kernel memory, bypassing the intended access controls.
Impact
Successful exploitation allows a local attacker to execute arbitrary code in the kernel context, gaining full control over the system [1][2]. This includes the ability to read and write kernel memory, elevate privileges to the highest level (SYSTEM), and compromise the confidentiality, integrity, and availability of the entire operating system.
Mitigation
Microsoft released a security update as part of MS04-011 on April 13, 2004, which fixes the vulnerability [1]. The update is available for all affected versions of Windows NT 4.0 and Windows 2000. No workaround is listed; applying the update is the only recommended mitigation. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities Catalog.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
- (no CPE)
- cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- www.eeye.com/html/Research/Advisories/AD20040413D.html (nvd: Patch, Vendor Advisory)
- www.kb.cert.org/vuls/id/122076 (nvd: Patch, Third Party Advisory, US Government Resource)
- www.us-cert.gov/cas/techalerts/TA04-104A.html (nvd: Third Party Advisory, US Government Resource)
- lists.grok.org.uk/pipermail/full-disclosure/2004-April/020068.html (nvd)
- www.ciac.org/ciac/bulletins/o-114.shtml (nvd)
- www.securityfocus.com/bid/10122 (nvd)
- docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011 (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/15707 (nvd)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A890 (nvd)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A911 (nvd)
News mentions
No linked articles in our index yet.