Executive Summary
Summary | |
---|---|
Title | Vulnerabilities in Windows Kernel |
Informations | |||
---|---|---|---|
Name | MS09-065 | First vendor Publication | 2009-11-10 |
Vendor | Microsoft | Last vendor Modification | 2009-11-12 |
Severity (Vendor) | Critical | Revision | 1.1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Revision Note: V1.1 (November 12, 2009): Added a link to Microsoft Knowledge Base Article 969947 under Known Issues in the Executive Summary.Summary: This security update resolves several privately reported vulnerabilities in the Windows kernel. The most severe of the vulnerabilities could allow remote code execution if a user viewed content rendered in a specially crafted Embedded OpenType (EOT) font. In a Web-based attack scenario, an attacker would have to host a Web site that contains specially crafted embedded fonts that are used to attempt to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability. An attacker would have no way to force users to visit a specially crafted Web site. Instead, an attacker would have to convince the user to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes the user to the attacker's site. |
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/MS09-065.mspx |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
67 % | CWE-20 | Improper Input Validation |
33 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:5588 | |||
Oval ID: | oval:org.mitre.oval:def:5588 | ||
Title: | Win32k NULL Pointer Dereferencing Vulnerability | ||
Description: | win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not correctly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, aka "Win32k NULL Pointer Dereferencing Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1127 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6277 | |||
Oval ID: | oval:org.mitre.oval:def:6277 | ||
Title: | Win32k Insufficient Data Validation Vulnerability | ||
Description: | The Graphics Device Interface (GDI) in win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient Data Validation Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-2513 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6406 | |||
Oval ID: | oval:org.mitre.oval:def:6406 | ||
Title: | Win32k EOT Parsing Vulnerability | ||
Description: | win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not correctly parse font code during construction of a directory-entry table, which allows remote attackers to execute arbitrary code via a crafted Embedded OpenType (EOT) font, aka "Win32k EOT Parsing Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-2514 | Version: | 1 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2009-11-12 | Microsoft Windows 2000-2008 Embedded OpenType Font Engine Remote Code Execution |
OpenVAS Exploits
Date | Description |
---|---|
2009-11-11 | Name : Microsoft Windows Kernel-Mode Drivers Multiple Vulnerabilities (969947) File : nvt/secpod_ms09-065.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
59869 | Microsoft Windows Win32k Table of Directory Entry Building Font Code Parsing ... |
59868 | Microsoft Windows Win32k GDI Kernel Component Unspecified Local Privilege Esc... |
59867 | Microsoft Windows Win32k Unspecified Kernel System Call Local Privilege Escal... |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Windows kernel-mode drivers core font parsing integer overflow attempt RuleID : 24487 - Revision : 9 - Type : FILE-PDF |
2014-01-10 | Microsoft Windows kernel-mode drivers core font parsing integer overflow attempt RuleID : 24486 - Revision : 8 - Type : FILE-PDF |
2014-01-10 | Microsoft Windows kernel-mode drivers core font parsing integer overflow attempt RuleID : 24485 - Revision : 8 - Type : FILE-PDF |
2014-01-10 | Microsoft Windows kernel-mode drivers core font parsing integer overflow attempt RuleID : 23508 - Revision : 5 - Type : FILE-PDF |
2014-01-10 | Microsoft Windows EOT font parsing integer overflow attempt RuleID : 16232 - Revision : 9 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Windows kernel-mode drivers core font parsing integer overflow attempt RuleID : 16231 - Revision : 22 - Type : FILE-PDF |
Metasploit Database
id | Description |
---|---|
2009-11-10 | Microsoft Windows EOT Font Table Directory Integer Overflow |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-11-10 | Name : The remote Windows kernel is affected by remote privilege escalation vulnerab... File : smb_nt_ms09-065.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2020-05-23 13:17:13 |
|
2016-03-06 21:22:01 |
|
2016-03-06 17:24:10 |
|
2014-02-17 11:46:23 |
|
2014-01-19 21:30:24 |
|