CVE-2009-1922

Severity: High

Description

The Message Queuing (aka MSMQ) service for Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP2, and Vista Gold does not properly validate unspecified IOCTL request data from user mode before passing this data to kernel mode, which allows local users to gain privileges via a crafted request, aka "MSMQ Null Pointer Vulnerability."

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6109

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-040

http://www.us-cert.gov/cas/techalerts/TA09-223A.html

http://www.securitytracker.com/id?1022714

http://www.securityfocus.com/archive/1/505691/100/0/threaded

http://secunia.com/advisories/36214

http://osvdb.org/56901

http://en.securitylab.ru/lab/PT-2008-09

Details

Source: Mitre, NVD

Published: 2009-08-12

Updated: 2019-02-26

Risk Information

CVSS v2

Base Score: 6.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High