9
CVE-2009-1544
- EPSS 34.53%
- Veröffentlicht 12.08.2009 17:30:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
- Quelle secure@microsoft.com
- Teams Watchlist Login
- Unerledigt Login
Double free vulnerability in the Workstation service in Microsoft Windows allows remote authenticated users to gain privileges via a crafted RPC message to a Windows XP SP2 or SP3 or Server 2003 SP2 system, or cause a denial of service via a crafted RPC message to a Vista Gold, SP1, or SP2 or Server 2008 Gold or SP2 system, aka "Workstation Service Memory Corruption Vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Windows 2003 Server Versionsp2
Microsoft ≫ Windows 2003 Server Versionsp2 Editionitanium
Microsoft ≫ Windows 2003 Server Versionsp2 Editionx64
Microsoft ≫ Windows Server 2008 Editionitanium
Microsoft ≫ Windows Server 2008 Updatesp2 Editionx64
Microsoft ≫ Windows Server 2008 Version- Update- Editionx32
Microsoft ≫ Windows Server 2008 Version- Update- Editionx64
Microsoft ≫ Windows Server 2008 Version- Updatesp2 Editionitanium
Microsoft ≫ Windows Server 2008 Version- Updatesp2 Editionx86
Microsoft ≫ Windows Vista Updatesp1
Microsoft ≫ Windows Vista Updatesp2
Microsoft ≫ Windows Vista Version- Update- Editionx64
Microsoft ≫ Windows Xp Updatesp2 Editionx64
Microsoft ≫ Windows Xp Version- Updatesp2
Microsoft ≫ Windows Xp Version- Updatesp3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 34.53% | 0.969 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9 | 8 | 10 |
AV:N/AC:L/Au:S/C:C/I:C/A:C
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-415 Double Free
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.