Lumension® Endpoint Intelligence Center



Vulnerability Score: 4.6
CVE Id: CVE-2009-2653
Last Modified: 11 Aug 2009 01:26:42
Published: 03 Aug 2009 10:30:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE



** DISPUTED ** The NtUserConsoleControl function in win32k.sys in Microsoft Windows XP SP2 and SP3, and Server 2003 before SP1, allows local administrators to bypass unspecified "security software" and gain privileges via a crafted call that triggers an overwrite of an arbitrary memory location. NOTE: the vendor disputes the significance of this report, stating that 'the Administrator to SYSTEM "escalation" is not a security boundary we defend.'

Vulnerable Systems

Operating System

  • Microsoft Windows Server 2003

  • Microsoft Windows XP



MILW0RM - 9301

SECTRACK - 1022630

OSVDB - 56780



Last Updated: 27 May 2016 10:50:59