Executive Summary

Informations
NameCVE-2009-0243First vendor Publication2009-01-21
VendorCveLast vendor Modification2009-01-29

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score7.2Attack RangeLocal
Cvss Impact Score10Attack ComplexityLow
Cvss Expoit Score3.9AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Microsoft Windows does not properly enforce the Autorun and NoDriveTypeAutoRun registry values, which allows physically proximate attackers to execute arbitrary code by (1) inserting CD-ROM media, (2) inserting DVD media, (3) connecting a USB device, and (4) connecting a Firewire device; (5) allows user-assisted remote attackers to execute arbitrary code by mapping a network drive; and allows user-assisted attackers to execute arbitrary code by clicking on (6) an icon under My Computer\Devices with Removable Storage and (7) an option in an AutoPlay dialog, related to the Autorun.inf file. NOTE: vectors 1 and 3 on Vista are already covered by CVE-2008-0951.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0243

CWE : Common Weakness Enumeration

idName
CWE-16Configuration

CPE : Common Platform Enumeration

TypeDescriptionCount
Os1
Os6
Os3
Os4
Os4

OpenVAS Exploits

DateDescription
2009-02-02Name : Microsoft Autorun Arbitrary Code Execution Vulnerability (08-038)
File : nvt/secpod_ms08-038.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
56513Microsoft Windows Autorun / NoDriveTypeAutoRun Registry Value Enforcement Wea...

Internal Sources (Detail)

SourceUrl
CERThttp://www.us-cert.gov/cas/techalerts/TA09-020A.html
MISChttp://isc.sans.org/diary.html?storyid=5695
SECTRACKhttp://www.securitytracker.com/id?1021629

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2013-05-10 23:42:53
  • Multiple Updates