CVE-2009-0080

Name of the Vulnerable Software and Affected Versions Windows Vista versions prior to SP2 Windows Server 2008 versions prior to SP2

Description The issue arises from the improper implementation of isolation among processes running under the same account, allowing local users to gain privileges by accessing resources of other processes due to incorrect thread ACLs. This could enable an attacker to run code with elevated privileges, potentially leading to the execution of arbitrary code and complete control of the affected system. An attacker could then perform various malicious actions such as installing programs, viewing, changing, or deleting data, or creating new accounts with full user rights.

Recommendations For Windows Vista versions prior to SP2, update to SP2 or a later service pack to resolve the issue. For Windows Server 2008 versions prior to SP2, update to SP2 or a later service pack to resolve the issue.