Lucene search

K

[email protected]NVD:CVE-2009-2512

HistoryNov 11, 2009 - 7:30 p.m.

CVE-2009-2512

2009-11-1119:30:00

CWE-94

[email protected]

web.nvd.nist.gov

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

Low

0.783 High

EPSS

Percentile

98.3%

The Web Services on Devices API (WSDAPI) in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly process the headers of WSD messages, which allows remote attackers to execute arbitrary code via a crafted (1) message or (2) response, aka “Web Services on Devices API Memory Corruption Vulnerability.”

Affected configurations

NVD

Node

microsoftwindows_server_2008itanium

OR

microsoftwindows_server_2008x32

OR

microsoftwindows_server_2008x64

OR

microsoftwindows_server_2008sp2itanium

OR

microsoftwindows_server_2008sp2x32

OR

microsoftwindows_server_2008sp2x64

OR

microsoftwindows_vista

OR

microsoftwindows_vistax64

OR

microsoftwindows_vistasp1

OR

microsoftwindows_vistasp2

OR

microsoftwindows_vistaMatch-sp1

OR

microsoftwindows_vistaMatch-sp2

References

www.us-cert.gov/cas/techalerts/TA09-314A.html

docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-063

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6079

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

Low

0.783 High

EPSS

Percentile

98.3%

Related for NVD:CVE-2009-2512

cve1 openvas2 securityvulns2 prion1 seebug1 nessus1 checkpoint_advisories2 cvelist1