Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2009-0080
HistoryApr 15, 2009 - 8:00 a.m.

CVE-2009-0080

2009-04-1508:00:00
CWE-269
[email protected]
web.nvd.nist.gov
32
4
threadpool
windows vista
server 2008
weakness vulnerability
security
privilege escalation

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.5 Medium

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

18.0%

JSON

The ThreadPool class in Windows Vista Gold and SP1, and Server 2008, does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by leveraging incorrect thread ACLs to access the resources of one of the processes, aka β€œWindows Thread Pool ACL Weakness Vulnerability.”

Affected configurations

NVD
Node
microsoftwindows_server_2008Match-
OR
microsoftwindows_vistaMatch-
OR
microsoftwindows_vistaMatch-x64
OR
microsoftwindows_vistaMatch-sp1
OR
microsoftwindows_vistaMatch-sp1x64

Social References

More

Related

cvelist 1
nvd 1
seebug 1
prion 1
openvas 2
securityvulns 2
checkpoint_advisories 1
mskb 1
nessus 1
cvelist
cvelist
CVE-2009-0080
2009-04-15 03:49:00
nvd
nvd
CVE-2009-0080
2009-04-15 08:00:00
seebug
seebug
Microsoft Windows线程池ACLζœ¬εœ°ζƒι™ζε‡ζΌζ΄žοΌˆMS09-012οΌ‰
2009-04-25 00:00:00
prion
prion
Design/Logic Flaw
2009-04-15 08:00:00
openvas
openvas
Vulnerabilities in Windows Could Allow Elevation of Privilege (959454)
2009-04-15 00:00:00
Vulnerabilities in Windows Could Allow Elevation of Privilege (959454)
2009-04-15 00:00:00
securityvulns
securityvulns
Microsoft Security Bulletin MS09-012 - Important Vulnerabilities in Windows Could Allow Elevation of Privilege (959454)
2009-04-14 00:00:00
Microsoft Windows privilege escalation
2009-04-14 00:00:00
checkpoint_advisories
checkpoint_advisories
ASPX Spy (CVE-2008-1436; CVE-2009-0078; CVE-2009-0079; CVE-2009-0080)
2009-07-15 00:00:00
mskb
mskb
MS09-012: Vulnerabilities in Windows could allow elevation of privilege
2018-04-17 20:27:02
nessus
nessus
MS09-012: Vulnerabilities in Windows Could Allow Elevation of Privilege (959454)
2009-04-15 00:00:00

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.5 Medium

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

18.0%

JSON
Related for CVE-2009-0080
cvelist1nvd1seebug1prion1openvas2securityvulns2checkpoint_advisories1mskb1nessus1