6.9

CVE-2009-0079

EPSS 0.65%
Published 15.04.2009 08:00:00
Last modified 09.04.2025 00:30:58
Source secure@microsoft.com
Teams watchlist Login
Open Login

The RPCSS service in Microsoft Windows XP SP2 and SP3 and Server 2003 SP1 and SP2 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows RPCSS Service Isolation Vulnerability."

Affected products Warnungen 0 Metrics 2 CWE 0 References 9

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Windows Server 2003

Microsoft ≫ Windows Server 2003 Updatesp1

Microsoft ≫ Windows Server 2003 Updatesp1 Editionitanium

Microsoft ≫ Windows Server 2003 Updatesp2

Microsoft ≫ Windows Xp Editionpro_x64

Microsoft ≫ Windows Xp Updatesp2

Microsoft ≫ Windows Xp Updatesp2 Editionpro_x64

Microsoft ≫ Windows Xp Updatesp3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.65%	0.699

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.9	3.4	10	AV:L/AC:M/Au:N/C:C/I:C/A:C

http://www.us-cert.gov/cas/techalerts/TA09-104A.html

US Government Resource

http://www.vupen.com/english/advisories/2009/1026

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-012

http://www.securitytracker.com/id?1022044

http://osvdb.org/53667

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6147

https://nvd.nist.gov/vuln/detail/CVE-2009-0079

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-0079

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-0079

EUVD