CVE-2009-1123
In short
A flaw in the Windows kernel fails to properly check changes to certain system objects, allowing someone with local access to run a malicious program that tricks the system into giving them administrator privileges.
Technical detail
The Windows kernel insufficiently validates modifications to unspecified kernel objects, enabling local privilege escalation via a crafted application. Exploitation requires local access and execution of malicious code; the impact is complete system compromise with elevated privileges.
Summary generated and translated by AI from the official description.
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Desktop Vulnerability."
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
References
http://osvdb.org/54940
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-025
http://secunia.com/advisories/35372
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6206
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-1123
http://www.securitytracker.com/id?1022359
http://www.us-cert.gov/cas/techalerts/TA09-160A.html
http://www.vupen.com/english/advisories/2009/1544