Vulnerability Details : CVE-2009-0230

The Windows Print Spooler in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows remote authenticated users to gain privileges via a crafted RPC message that triggers loading of a DLL file from an arbitrary directory, aka "Print Spooler Load Library Vulnerability."

Published 2009-06-10 18:00:00

Updated 2018-10-12 21:50:17

Source Microsoft Corporation

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2009-0230

Probability of exploitation activity in the next 30 days: 0.68%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 77 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2009-0230

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
9.0	HIGH	AV:N/AC:L/Au:S/C:C/I:C/A:C	8.0	10.0	[email protected]
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2009-0230

CWE-264

Assigned by: [email protected] (Primary)

References for CVE-2009-0230

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-022

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6287

Third Party Advisory
http://www.securityfocus.com/bid/35209

Third Party Advisory;VDB Entry
http://support.avaya.com/elmodocs2/security/ASA-2009-217.htm

Third Party Advisory

CVEs referencing this url
http://www.securitytracker.com/id?1022352

Third Party Advisory;VDB Entry

CVEs referencing this url
http://www.us-cert.gov/cas/techalerts/TA09-160A.html

Third Party Advisory;US Government Resource

CVEs referencing this url
http://www.vupen.com/english/advisories/2009/1541

Third Party Advisory

CVEs referencing this url

Products affected by CVE-2009-0230

Microsoft » Windows 2000 » Update SP4
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
Matching versions
Microsoft » Windows Xp » Update SP3
cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
Matching versions
Microsoft » Windows Xp » Update SP2
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows Xp » Update SP2 For X64
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:x64:*
Matching versions
Microsoft » Windows 2003 Server » Update SP2 For X64
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:x64:*
Matching versions
Microsoft » Windows 2003 Server » Update SP2
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Update SP2 For Itanium
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:itanium:*
Matching versions
Microsoft » Windows Vista » Update SP2
cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows Vista » For X64
cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:x64:*
Matching versions
Microsoft » Windows Vista
cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Vista » Update SP1
cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server » Version: 2008 For Itanium
cpe:2.3:o:microsoft:windows_server:2008:*:*:*:*:*:itanium:*
Matching versions
Microsoft » Windows Server » Version: 2008 SP2 Edition For Itanium
cpe:2.3:o:microsoft:windows_server:2008:*:sp2:*:*:*:itanium:*
Matching versions
Microsoft » Windows Server 2008 » For X64
cpe:2.3:o:microsoft:windows_server_2008:*:*:*:*:*:*:x64:*
Matching versions
Microsoft » Windows Server 2008
cpe:2.3:o:microsoft:windows_server_2008:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008 » Update SP2
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008 » Version: N/A Update SP2 For X64
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*
Matching versions