Executive Summary
| Summary | |
|---|---|
| Title | Vulnerabilities in Windows Print Spooler Could Allow Remote Code Execution (961501) |
| Informations | |||
|---|---|---|---|
| Name | MS09-022 | First vendor Publication | 2009-06-09 |
| Vendor | Microsoft | Last vendor Modification | 2009-06-17 |
| Severity (Vendor) | Critical | Revision | 1.1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Revision Note: V1.1 (June 17, 2009): Added "Disable the Print Spooler service" as workaround for CVE-2009-0230.Summary: This security update resolves three privately reported vulnerabilities in Windows Print Spooler. The most severe vulnerability could allow remote code execution if an affected server received a specially crafted RPC request. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. |
Original Source
| Url : http://www.microsoft.com/technet/security/bulletin/MS09-022.mspx |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 33 % | CWE-264 | Permissions, Privileges, and Access Controls |
| 33 % | CWE-200 | Information Exposure |
| 33 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:5815 | |||
| Oval ID: | oval:org.mitre.oval:def:5815 | ||
| Title: | Print Spooler Read File Vulnerability | ||
| Description: | The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka "Print Spooler Read File Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-0229 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6287 | |||
| Oval ID: | oval:org.mitre.oval:def:6287 | ||
| Title: | Print Spooler Load Library Vulnerability | ||
| Description: | The Windows Print Spooler in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows remote authenticated users to gain privileges via a crafted RPC message that triggers loading of a DLL file from an arbitrary directory, aka "Print Spooler Load Library Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-0230 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6317 | |||
| Oval ID: | oval:org.mitre.oval:def:6317 | ||
| Title: | Buffer Overflow in Print Spooler Vulnerability | ||
| Description: | Stack-based buffer overflow in the EnumeratePrintShares function in Windows Print Spooler Service (win32spl.dll) in Microsoft Windows 2000 SP4 allows remote printer servers to execute arbitrary code via a a crafted ShareName in a response to an RPC request, related to "printing data structures," aka "Buffer Overflow in Print Spooler Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-0228 | Version: | 1 |
| Platform(s): | Microsoft Windows 2000 | Product(s): | |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
SAINT Exploits
| Description | Link |
|---|---|
| Windows Print Spooler EnumeratePrintShares buffer overflow | More info here |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2009-06-10 | Name : Vulnerabilities in Print Spooler Could Allow Remote Code Execution (961501) File : nvt/secpod_ms09-022.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 54934 | Microsoft Windows Print Spooler Load Library Crafted RPC Message Arbitrary DL... |
| 54933 | Microsoft Windows Print Spooler Crafted Separator Page Arbitrary Local File D... |
| 54932 | Microsoft Windows Print Spooler win32spl.dll EnumeratePrintShares Function Re... |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | DCERPC NCACN-IP-TCP spoolss NetShareEnumAll response overflow attempt RuleID : 20275 - Revision : 7 - Type : NETBIOS |
| 2014-01-10 | Microsoft Windows DCERPC NCACN-IP-TCP spoolss RpcSetPrinterDataEx attempt RuleID : 15528 - Revision : 7 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft Windows srvsvc NetrShareEnum netname overflow attempt RuleID : 15523 - Revision : 8 - Type : OS-WINDOWS |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2009-06-10 | Name : Arbitrary code can be executed on the remote host due to a flaw in the Spoole... File : smb_nt_ms09-022.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2016-04-26 22:56:02 |
|
| 2014-02-17 11:46:14 |
|
| 2014-01-19 21:30:19 |
|
| 2013-05-11 00:49:29 |
|
