4.6

CVE-2009-2653

Exploit

EPSS 2.26%
Published 03.08.2009 14:30:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

The NtUserConsoleControl function in win32k.sys in Microsoft Windows XP SP2 and SP3, and Server 2003 before SP1, allows local administrators to bypass unspecified "security software" and gain privileges via a crafted call that triggers an overwrite of an arbitrary memory location.  NOTE: the vendor disputes the significance of this report, stating that 'the Administrator to SYSTEM "escalation" is not a security boundary we defend.

Affected products Warnungen 0 Metrics 2 CWE 0 References 9

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Windows Server 2003

Microsoft ≫ Windows Xp Version- Updatesp2

Microsoft ≫ Windows Xp Version- Updatesp3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	2.26%	0.841

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P

http://blogs.technet.com/srd/archive/2009/06/11/latest-baidu-public-posting-requires-adminisrator-to-elevate.aspx

http://hi.baidu.com/azy0922/blog/item/f950cbc2890729130ef47783.html

Exploit

http://osvdb.org/56780

http://securitytracker.com/id?1022630

http://www.exploit-db.com/exploits/9301

http://www.ntinternals.org/index.html#09_07_30

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2009-2653

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-2653

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-2653

EUVD