CVE-2009-1929

EPSS 72.73%
Veröffentlicht 12.08.2009 17:30:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle secure@microsoft.com
Teams Watchlist Login
Unerledigt Login

Heap-based buffer overflow in the Microsoft Terminal Services Client ActiveX control running RDP 6.1 on Windows XP SP2, Vista SP1 or SP2, or Server 2008 Gold or SP2; or 5.2 or 6.1 on Windows XP SP3; allows remote attackers to execute arbitrary code via unspecified parameters to unknown methods, aka "Remote Desktop Connection ActiveX Control Heap Overflow Vulnerability."

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Windows 2003 Server Versionsp2

Microsoft ≫ Windows 2003 Server Versionsp2 Editionitanium

Microsoft ≫ Windows 2003 Server Versionsp2 Editionx64

Microsoft ≫ Windows Server 2008 Editionitanium

Microsoft ≫ Windows Server 2008 Updatesp2 Editionx64

Microsoft ≫ Windows Server 2008 Version- Update- Editionx32

Microsoft ≫ Windows Server 2008 Version- Update- Editionx64

Microsoft ≫ Windows Server 2008 Version- Updatesp2 Editionitanium

Microsoft ≫ Windows Server 2008 Version- Updatesp2 Editionx86

Microsoft ≫ Windows Vista Updatesp1

Microsoft ≫ Windows Vista Updatesp2

Microsoft ≫ Windows Vista Version- Update- Editionx64

Microsoft ≫ Windows Xp Updatesp2 Editionx64

Microsoft ≫ Windows Xp Version- Updatesp2

Microsoft ≫ Windows Xp Version- Updatesp3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	72.73%	0.987

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.us-cert.gov/cas/techalerts/TA09-223A.html

US Government Resource

http://secunia.com/advisories/36229

Vendor Advisory

http://www.securitytracker.com/id?1022709

http://www.vupen.com/english/advisories/2009/2238

Patch

Vendor Advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-044

http://osvdb.org/56912

http://www.securityfocus.com/bid/35973

Patch

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6329

https://nvd.nist.gov/vuln/detail/CVE-2009-1929

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-1929

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-1929

EUVD