Vulnerability Details : CVE-2009-0080
The ThreadPool class in Windows Vista Gold and SP1, and Server 2008, does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by leveraging incorrect thread ACLs to access the resources of one of the processes, aka "Windows Thread Pool ACL Weakness Vulnerability."
Products affected by CVE-2009-0080
- cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:x64:*
- cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:x64:*
- cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2009-0080
0.20%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 58 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2009-0080
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.9
|
MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C |
3.4
|
10.0
|
NIST |
CWE ids for CVE-2009-0080
-
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.Assigned by: nvd@nist.gov (Primary)
References for CVE-2009-0080
-
http://www.vupen.com/english/advisories/2009/1026
Webmail: access your OVH emails on ovhcloud.com | OVHcloudPermissions Required
-
http://www.us-cert.gov/cas/techalerts/TA09-104A.html
Microsoft Updates for Multiple Vulnerabilities | CISAThird Party Advisory;US Government Resource
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6177
Third Party Advisory
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-012
Microsoft Security Bulletin MS09-012 - Important | Microsoft LearnPatch;Vendor Advisory
-
http://www.securitytracker.com/id?1022044
Third Party Advisory;VDB Entry
Jump to