4.6

CVE-2009-2653

Exploit

EPSS 2.26%
Veröffentlicht 03.08.2009 14:30:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The NtUserConsoleControl function in win32k.sys in Microsoft Windows XP SP2 and SP3, and Server 2003 before SP1, allows local administrators to bypass unspecified "security software" and gain privileges via a crafted call that triggers an overwrite of an arbitrary memory location.  NOTE: the vendor disputes the significance of this report, stating that 'the Administrator to SYSTEM "escalation" is not a security boundary we defend.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Windows Server 2003

Microsoft ≫ Windows Xp Version- Updatesp2

Microsoft ≫ Windows Xp Version- Updatesp3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.26%	0.84

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P

http://blogs.technet.com/srd/archive/2009/06/11/latest-baidu-public-posting-requires-adminisrator-to-elevate.aspx

http://hi.baidu.com/azy0922/blog/item/f950cbc2890729130ef47783.html

Exploit

http://osvdb.org/56780

http://securitytracker.com/id?1022630

http://www.exploit-db.com/exploits/9301

http://www.ntinternals.org/index.html#09_07_30

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2009-2653

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-2653

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-2653

EUVD