CVE-2009-1123

The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Desktop Vulnerability."

CVSS v3 7.8 HIGH
CVSS v2.0 7.2 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://osvdb.org/54940	Broken Link
http://secunia.com/advisories/35372	Broken Link
http://www.securitytracker.com/id?1022359	Broken Link Third Party Advisory VDB Entry
http://www.us-cert.gov/cas/techalerts/TA09-160A.html	Broken Link Third Party Advisory US Government Resource
http://www.vupen.com/english/advisories/2009/1544	Broken Link
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-025	Patch Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6206	Broken Link

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:microsoft:windows_2000:-:sp4::::::
	cpe:2.3:o:microsoft:windows_server_2003:-:sp2::::::
	cpe:2.3:o:microsoft:windows_server_2008:-:sp2::::::
	cpe:2.3:o:microsoft:windows_vista:-:sp1::::::
	cpe:2.3:o:microsoft:windows_vista:-:sp2::::::
	cpe:2.3:o:microsoft:windows_xp:-:sp2:::-:::*
	cpe:2.3:o:microsoft:windows_xp:-:sp2:::professional:::*
	cpe:2.3:o:microsoft:windows_xp:-:sp3::::::

History

No history.

Information

Published : 2009-06-10 18:30

Updated : 2024-07-16 17:39

NVD link : CVE-2009-1123

Mitre link : CVE-2009-1123

CVE.ORG link : CVE-2009-1123

JSON object : View

Products Affected

microsoft

windows_server_2003
windows_vista
windows_server_2008
windows_2000
windows_xp

CWE

NVD-CWE-noinfo

{"id": "CVE-2009-1123", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2009-06-10T18:30:00.327", "references": [{"url": "http://osvdb.org/54940", "tags": ["Broken Link"], "source": "secure@microsoft.com"}, {"url": "http://secunia.com/advisories/35372", "tags": ["Broken Link"], "source": "secure@microsoft.com"}, {"url": "http://www.securitytracker.com/id?1022359", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "secure@microsoft.com"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html", "tags": ["Broken Link", "Third Party Advisory", "US Government Resource"], "source": "secure@microsoft.com"}, {"url": "http://www.vupen.com/english/advisories/2009/1544", "tags": ["Broken Link"], "source": "secure@microsoft.com"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-025", "tags": ["Patch", "Vendor Advisory"], "source": "secure@microsoft.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6206", "tags": ["Broken Link"], "source": "secure@microsoft.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application, aka \"Windows Kernel Desktop Vulnerability.\""}, {"lang": "es", "value": "El kernel en Microsoft Windows 2000 SP4, XP SP2 y SP3, y Server 2003 SP2, Vista Gold, SP1, y SP2, y Server 2008 SP2 no valida adecuadamente los cambios en objetos del kernel no especificados, lo que permite a usuarios locales obtener privilegios a trav\u00e9s de una aplicaci\u00f3n manipulada, tambi\u00e9n conocida como \"Vulnerabilidad de escritorio en el kernel de Windows\"."}], "lastModified": "2024-07-16T17:39:03.503", "cisaActionDue": "2022-03-24", "cisaExploitAdd": "2022-03-03", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA2CBE65-F4B6-49AF-983C-D3CF6C172CC5"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D929AA2-EE0B-4AA1-805D-69BCCA11B77F"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C"}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A04E39A-623E-45CA-A5FC-25DAA0F275A3"}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF1AD1A1-EE20-4BCE-9EE6-84B27139811C"}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "A6FBF171-B6B6-4244-AE1A-8E09FE44161E"}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:*:*", "vulnerable": true, "matchCriteriaId": "68592FA5-6CD3-41A3-A4DA-C1C472297FF2"}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9392D35-7BF5-48E9-879B-BBDE9A9E9AB9"}], "operator": "OR"}]}], "sourceIdentifier": "secure@microsoft.com", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Microsoft Windows Improper Input Validation Vulnerability"}

7.8 /10