Lucene search

PRIOn knowledge basePRION:CVE-2009-1127

HistoryNov 11, 2009 - 7:30 p.m.

Null pointer dereference

2009-11-1119:30:00

PRIOn knowledge base

www.prio-n.com

6.7 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

0.4%

JSON

win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not correctly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, aka “Win32k NULL Pointer Dereferencing Vulnerability.”

CPENameOperatorVersion
windows_server_2008eq sp2itanium
windows_xpeq sp2x64

CPE	Name	Operator	Version
	windows_server_2008	eq	sp2itanium
	windows_xp	eq	sp2x64

References

www.us-cert.gov/cas/techalerts/TA09-314A.html

docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-065

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5588

6.7 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

0.4%

JSON

Related for PRION:CVE-2009-1127