7.8

CVE-2009-1123

Warnung
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Desktop Vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftWindows 2000 Version- Updatesp4
MicrosoftWindows Server 2003 Version- Updatesp2
MicrosoftWindows Server 2008 Version- Updatesp2
MicrosoftWindows Vista Version- Updatesp1
MicrosoftWindows Vista Version- Updatesp2
MicrosoftWindows Xp Version- Updatesp2 SwEdition-
MicrosoftWindows Xp Version- Updatesp2 SwEditionprofessional
MicrosoftWindows Xp Version- Updatesp3

03.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Windows Improper Input Validation Vulnerability

Schwachstelle

The kernel in Microsoft Windows does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.92% 0.91
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.us-cert.gov/cas/techalerts/TA09-160A.html
Third Party Advisory
US Government Resource
Broken Link
http://osvdb.org/54940
Broken Link
http://secunia.com/advisories/35372
Broken Link
http://www.securitytracker.com/id?1022359
Third Party Advisory
Broken Link
VDB Entry
http://www.vupen.com/english/advisories/2009/1544
Broken Link
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-025
Patch
Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6206
Broken Link
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-1123
US Government Resource