eEye Security Advisory – Windows VDM #UD Local Privilege Escalation. Describes in more detail but with different terminology the “shatter” attacks corrected by MS04-032, and also discussed in a paper by Brett Moore.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/34691/eeye.AD20041012-shatter-attacks.txt
Source: https://packetstormsecurity.com/files/34691/eEye-Security-Advisory-2004-10-12.html