Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0081

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2009-0081
Last Modified 21 Aug 2010 01:29:41
Published 10 Mar 2009 04:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-0081

Summary

The graphics device interface (GDI) implementation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate input received from user mode, which allows remote attackers to execute arbitrary code via a crafted (1) Windows Metafile (aka WMF) or (2) Enhanced Metafile (aka EMF) image file, aka "Windows Kernel Input Validation Vulnerability."

Vulnerable Systems

Operating System

  • Microsoft Windows 2000

  • Microsoft Windows Server 2003

  • Microsoft Windows Server 2008

  • Microsoft Windows Vista

  • Microsoft Windows Vista Gold

  • Microsoft Windows Xp


References

CERT - TA09-069A

MS - MS09-006

VUPEN - ADV-2009-0659

SECTRACK - 1021826

BID - 34012

CONFIRM - http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=842987&poid=

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2009-079.htm

SECUNIA - 34117

OSVDB - 52522


Last Updated: 27 May 2016 10:50:06