Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0320

Overview

Vulnerability Score 4.0 4.0
CVE Id CVE-2009-0320
Last Modified 29 Jan 2009 12:00:00
Published 28 Jan 2009 01:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity HIGH
Authentication NONE

CVE-2009-0320

Summary

Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O activity measurements of all processes, which allows local users to obtain sensitive information, as demonstrated by reading the I/O Other Bytes column in Task Manager (aka taskmgr.exe) to estimate the number of characters that a different user entered at a runas.exe password prompt, related to a "benchmarking attack."

Vulnerable Systems

Operating System

  • Microsoft Windows Server 2003

  • Microsoft Windows Server 2008

  • Microsoft Windows Vista

  • Microsoft Windows Xp


References

BID - 33440

BUGTRAQ - 20090124 Benchmarking attacks and major security weakness on all recent Windows versions up to Windows 200


Last Updated: 27 May 2016 10:50:12