Unrated severityNVD Advisory· Published Feb 9, 2011· Updated Jun 16, 2026
CVE-2011-0039
CVE-2011-0039
Description
The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly process authentication requests, which allows local users to gain privileges via a request with a crafted length, aka "LSASS Length Validation Vulnerability."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
7cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*
- (no CPE)range: SP2
cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*+ 2 more
- cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
- (no CPE)range: SP2, SP3
Patches
Vulnerability mechanics
References
6- secunia.com/advisories/43253nvdVendor Advisory
- www.vupen.com/english/advisories/2011/0327nvdVendor Advisory
- www.securityfocus.com/bid/46152nvd
- www.securitytracker.com/idnvd
- docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-014nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12537nvd
News mentions
0No linked articles in our index yet.