Lucene search

PRIOn knowledge basePRION:CVE-2009-1922

HistoryAug 12, 2009 - 5:30 p.m.

Null pointer dereference

2009-08-1217:30:00

PRIOn knowledge base

www.prio-n.com

6.8 Medium

AI Score

Confidence

Low

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

0.4%

JSON

The Message Queuing (aka MSMQ) service for Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP2, and Vista Gold does not properly validate unspecified IOCTL request data from user mode before passing this data to kernel mode, which allows local users to gain privileges via a crafted request, aka “MSMQ Null Pointer Vulnerability.”

CPENameOperatorVersion
windows_2000eq- sp4
windows_vistaeq- x64
windows_xpeq sp2x64
windows_xpeq- sp2

Name	Operator	Version
windows_2000	eq	- sp4
windows_vista	eq	- x64
windows_xp	eq	sp2x64
windows_xp	eq	- sp2

References

en.securitylab.ru/lab/PT-2008-09

osvdb.org/56901

secunia.com/advisories/36214

www.securityfocus.com/archive/1/505691/100/0/threaded

www.securitytracker.com/id?1022714

www.us-cert.gov/cas/techalerts/TA09-223A.html

docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-040

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6109

6.8 Medium

AI Score

Confidence

Low

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

0.4%

JSON

Related for PRION:CVE-2009-1922