Back to KEVs

CVE-2009-1123

The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate...

Basic Information

CVE State: PUBLISHED
Reserved Date: March 25, 2009
Published Date: June 10, 2009
Last Updated: February 04, 2025
Vendor: Microsoft
Product: Windows
Description: The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Desktop Vulnerability."
Tags

CVSS Scores

CVSS v3.1

7.8 - HIGH

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2.0

7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

SSVC Information

Exploitation: active
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (2022-03-03 00:00:00 UTC) Source

References

http://secunia.com/advisories/35372 http://osvdb.org/54940 http://www.vupen.com/english/advisories/2009/1544 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-025 http://www.securitytracker.com/id?1022359 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6206 http://www.us-cert.gov/cas/techalerts/TA09-160A.html

Known Exploited Vulnerability Information

Source	Added Date
CISA	2022-03-03 00:00:00 UTC

Timeline

CVE ID Reserved

March 25, 2009
CVE Published to Public

June 10, 2009
Added to KEVIntel

March 03, 2022