Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2009-2507 | First vendor Publication | 2009-10-14 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 9.3 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A certain ActiveX control in the Indexing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly process URLs, which allows remote attackers to execute arbitrary programs via unspecified vectors that cause a "vulnerable binary" to load and run, aka "Memory Corruption in Indexing Service Vulnerability." |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2507 |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:6042 | |||
| Oval ID: | oval:org.mitre.oval:def:6042 | ||
| Title: | Memory Corruption in Indexing Service Vulnerability | ||
| Description: | A certain ActiveX control in the Indexing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly process URLs, which allows remote attackers to execute arbitrary programs via unspecified vectors that cause a "vulnerable binary" to load and run, aka "Memory Corruption in Indexing Service Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-2507 | Version: | 1 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Os | 1 | |
| Os | 3 | |
| Os | 3 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2009-10-15 | Name : Microsoft Windows Indexing Service ActiveX Vulnerability (969059) File : nvt/secpod_ms09-057.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 58854 | Microsoft Windows Indexing Service ActiveX Memory Corruption Arbitrary Code E... |
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2009-10-15 | IAVM : 2009-B-0053 - Microsoft Indexing Services Remote Code Execution Vulnerability Severity : Category I - VMSKEY : V0021750 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Microsoft Internet Explorer indexing service malformed parameters RuleID : 16155 - Revision : 10 - Type : BROWSER-IE |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2009-10-13 | Name : The remote Windows host has an ActiveX control that is affected by a code exe... File : smb_nt_ms09-057.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:10:12 |
|
| 2024-11-28 12:19:26 |
|
| 2021-05-04 12:09:50 |
|
| 2021-04-22 01:10:11 |
|
| 2020-05-23 00:24:03 |
|
| 2018-10-13 00:22:50 |
|
| 2017-09-19 09:23:18 |
|
| 2016-04-26 18:58:50 |
|
| 2014-02-17 10:50:50 |
|
| 2014-01-19 21:26:02 |
|
| 2013-11-11 12:38:22 |
|
| 2013-05-10 23:54:12 |
|
