CVE-2009-0082

2009-03-1020:30:01

CWE-20

[email protected]

web.nvd.nist.gov

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.2

Confidence

Low

EPSS

0.001

Percentile

17.2%

JSON

The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate handles, which allows local users to gain privileges via a crafted application that triggers unspecified “actions,” aka “Windows Kernel Handle Validation Vulnerability.”

Affected configurations

Nvd

Node

microsoftwindows_2000sp4

microsoftwindows_server_2003

microsoftwindows_server_2003sp1

microsoftwindows_server_2003sp1itanium

microsoftwindows_server_2003sp2

microsoftwindows_server_2008

microsoftwindows_server_2008itanium

microsoftwindows_server_2008x64

microsoftwindows_vistax64

microsoftwindows_vistasp1

microsoftwindows_vistaMatchgold

microsoftwindows_xpx64

microsoftwindows_xpsp2

microsoftwindows_xpsp2x64

microsoftwindows_xpsp3

VendorProductVersionCPE
microsoftwindows_2000*cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
microsoftwindows_server_2003*cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*
microsoftwindows_server_2003*cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*
microsoftwindows_server_2003*cpe:2.3:o:microsoft:windows_server_2003:*:sp1:itanium:*:*:*:*:*
microsoftwindows_server_2003*cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
microsoftwindows_server_2008*cpe:2.3:o:microsoft:windows_server_2008:*:*:*:*:*:*:*:*
microsoftwindows_server_2008*cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*
microsoftwindows_server_2008*cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*
microsoftwindows_vista*cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*
microsoftwindows_vista*cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	windows_2000	*	cpe:2.3:o:microsoft:windows_2000::sp4::::::*
microsoft	windows_server_2003	*	cpe:2.3:o:microsoft:windows_server_2003::::::::
microsoft	windows_server_2003	*	cpe:2.3:o:microsoft:windows_server_2003::sp1::::::*
microsoft	windows_server_2003	*	cpe:2.3:o:microsoft:windows_server_2003::sp1:itanium:::::
microsoft	windows_server_2003	*	cpe:2.3:o:microsoft:windows_server_2003::sp2::::::*
microsoft	windows_server_2008	*	cpe:2.3:o:microsoft:windows_server_2008::::::::
microsoft	windows_server_2008	*	cpe:2.3:o:microsoft:windows_server_2008:::itanium:::::*
microsoft	windows_server_2008	*	cpe:2.3:o:microsoft:windows_server_2008:::x64:::::*
microsoft	windows_vista	*	cpe:2.3:o:microsoft:windows_vista:::x64:::::*
microsoft	windows_vista	*	cpe:2.3:o:microsoft:windows_vista::sp1::::::*