PT-2009-2984 · Microsoft · Windows

Published

2009-01-28

Updated

2019-02-26

CVE-2009-0320

CVSS v2.0

4.0

Medium

Vector

AV:L/AC:H/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to the fixed version

Description The issue allows local users to obtain sensitive information by exposing I/O activity measurements of all processes. This can be demonstrated by reading the I/O Other Bytes column in Task Manager (taskmgr.exe) to estimate the number of characters that a different user entered at a runas.exe password prompt, which is related to a "benchmarking attack."

Recommendations For Microsoft Windows versions prior to the fixed version, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Race Condition

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362CWE-200

Related Identifiers

CVE-2009-0320

Affected Products

Windows

PT-2009-2984 · Microsoft · Windows

CVE-2009-0320

Weakness Enumeration

Related Identifiers

Affected Products

References · 3