Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-1925

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2009-1925
Last Modified 21 Aug 2010 01:33:00
Published 08 Sep 2009 06:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-1925

Summary

The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly manage state information, which allows remote attackers to execute arbitrary code by sending packets to a listening service, and thereby triggering misinterpretation of an unspecified field as a function pointer, aka "TCP/IP Timestamps Code Execution Vulnerability."

Vulnerable Systems

Operating System

  • Microsoft Windows 2000 -

  • Microsoft Windows Server 2003

  • Microsoft Windows Server 2008

  • Microsoft Windows Server 2008 -

  • Microsoft Windows Vista

  • Microsoft Windows Vista -


References

CERT - TA09-251A

MS - MS09-048


Last Updated: 27 May 2016 10:50:44