CVE-2009-2653
Microsoft Windows XP - 'win32k.sys' Local Privilege Escalation
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
4Exploited in Wild
-Decision
Descriptions
The NtUserConsoleControl function in win32k.sys in Microsoft Windows XP SP2 and SP3, and Server 2003 before SP1, allows local administrators to bypass unspecified "security software" and gain privileges via a crafted call that triggers an overwrite of an arbitrary memory location. NOTE: the vendor disputes the significance of this report, stating that 'the Administrator to SYSTEM "escalation" is not a security boundary we defend.
** IMPUGNADA ** La función NtUserConsoleControl en win32k.sys en Microsoft Windows XP SP2 y SP3, y Server 2003 anterior a SP1, permite a usuarios administradores locales evitar "programas de seguridad" no especificados y obtener privilegios mediante una petición modificada que provoca la escritura de zonas de memoria de su elección. NOTA: el vendedor impugna la importancia de este informe, manteniendo que 'el "escalado" a SYSTEM de los administradores no es una limitación de seguridad que protejamos"
CVSS Scores
SSVC
- Decision:-
Timeline
- 2009-07-30 First Exploit
- 2009-08-03 CVE Reserved
- 2009-08-03 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://blogs.technet.com/srd/archive/2009/06/11/latest-baidu-public-posting-requires-adminisrator-to-elevate.aspx | X_refsource_misc | |
| http://osvdb.org/56780 | Vdb Entry | |
| http://securitytracker.com/id?1022630 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/9301 | 2009-07-30 | |
| http://hi.baidu.com/azy0922/blog/item/f950cbc2890729130ef47783.html | 2024-08-07 | |
| http://www.exploit-db.com/exploits/9301 | 2024-08-07 | |
| http://www.ntinternals.org/index.html#09_07_30 | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Windows Server 2003 Search vendor "Microsoft" for product "Windows Server 2003" | * | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | - | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | - | sp3 |
Affected
| ||||||