Executive Summary
| Summary | |
|---|---|
| Title | Vulnerabilities in Windows Kernel Could Allow Remote Code Execution (958690) |
| Informations | |||
|---|---|---|---|
| Name | MS09-006 | First vendor Publication | 2009-03-10 |
| Vendor | Microsoft | Last vendor Modification | 2009-03-10 |
| Severity (Vendor) | Critical | Revision | 1.0 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 9.3 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Revision Note: Bulletin published.Summary: This security update resolves several privately reported vulnerabilities in the Windows kernel. The most serious vulnerability could allow remote code execution if a user viewed a specially crafted EMF or WMF image file from an affected system. |
Original Source
| Url : http://www.microsoft.com/technet/security/bulletin/MS09-006.mspx |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-20 | Improper Input Validation |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:5440 | |||
| Oval ID: | oval:org.mitre.oval:def:5440 | ||
| Title: | Windows Kernel Invalid Pointer Vulnerability | ||
| Description: | The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 does not properly handle invalid pointers, which allows local users to gain privileges via an application that triggers use of a crafted pointer, aka "Windows Kernel Invalid Pointer Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-0083 | Version: | 1 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6036 | |||
| Oval ID: | oval:org.mitre.oval:def:6036 | ||
| Title: | Windows Kernel Handle Validation Vulnerability | ||
| Description: | The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate handles, which allows local users to gain privileges via a crafted application that triggers unspecified "actions," aka "Windows Kernel Handle Validation Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-0082 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6202 | |||
| Oval ID: | oval:org.mitre.oval:def:6202 | ||
| Title: | Windows Kernel Input Validation Vulnerability | ||
| Description: | The graphics device interface (GDI) implementation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate input received from user mode, which allows remote attackers to execute arbitrary code via a crafted (1) Windows Metafile (aka WMF) or (2) Enhanced Metafile (aka EMF) image file, aka "Windows Kernel Input Validation Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-0081 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Os | 1 | |
| Os | 4 | |
| Os | 3 | |
| Os | 3 | |
| Os | 4 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2009-03-11 | Name : Vulnerabilities in Windows Kernel Could Allow Remote Code Execution (958690) File : nvt/secpod_ms09-006.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 52524 | Microsoft Windows Invalid Pointer Local Privilege Escalation Windows contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered by an unspecified flaw in the kernel related to invalid pointers. This flaw may lead to a loss of integrity. |
| 52523 | Microsoft Windows Handle Validation Local Privilege Escalation Windows contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered by an unspecified handle validation flaw in the kernel. This flaw may lead to a loss of integrity. |
| 52522 | Microsoft Windows GDI Kernel Component Unspecified Remote Code Execution An unspecified remote code execution flaw exists in Window. The GDI kernel interface fails to validate WMF and EMF graphics files resulting in arbitrary code execution. With a specially crafted file, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity. |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2019-09-05 | Microsoft Windows GDI EMF parsing arbitrary code execution attempt RuleID : 50885 - Revision : 1 - Type : FILE-OTHER |
| 2019-09-05 | Microsoft Windows GDI EMF parsing arbitrary code execution attempt RuleID : 50884 - Revision : 1 - Type : FILE-OTHER |
| 2014-01-10 | Microsoft Internet Explorer EMF polyline overflow attempt RuleID : 15300 - Revision : 9 - Type : BROWSER-IE |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2009-03-11 | Name : It is possible to execute arbitrary code on the remote host. File : smb_nt_ms09-006.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:46:10 |
|
| 2014-01-19 21:30:17 |
|
