Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.6
CVE Id: CVE-2009-2653
Last Modified: 11 Aug 2009 01:26:42
Published: 03 Aug 2009 10:30:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE

CVE-2009-2653

Summary

** DISPUTED ** The NtUserConsoleControl function in win32k.sys in Microsoft Windows XP SP2 and SP3, and Server 2003 before SP1, allows local administrators to bypass unspecified "security software" and gain privileges via a crafted call that triggers an overwrite of an arbitrary memory location. NOTE: the vendor disputes the significance of this report, stating that 'the Administrator to SYSTEM "escalation" is not a security boundary we defend.'

Vulnerable Systems

Operating System

  • Microsoft Windows Server 2003

  • Microsoft Windows XP


References

MISC - http://www.ntinternals.org/index.html#09_07_30

MILW0RM - 9301

SECTRACK - 1022630

OSVDB - 56780

MISC - http://hi.baidu.com/azy0922/blog/item/f950cbc2890729130ef47783.html

MISC - http://blogs.technet.com/srd/archive/2009/06/11/latest-baidu-public-posting-requires-adminisrator-to-elevate.aspx


Last Updated: 27 May 2016 10:50:59