CVE-2009-1124

Name of the Vulnerable Software and Affected Versions Microsoft Windows 2000 SP4 Microsoft Windows XP SP2 and SP3 Microsoft Windows Server 2003 SP2 Microsoft Windows Vista Gold, SP1, and SP2 Microsoft Windows Server 2008 SP2

Description The issue arises from the kernel's failure to properly validate user-mode pointers in certain error conditions, allowing local users to gain privileges via a crafted application. This is due to insufficient validation of certain pointers passed from user mode, which could enable an attacker to run arbitrary code in kernel mode. As a result, an attacker could install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Windows 2000 SP4, update to a newer version to mitigate the risk. For Microsoft Windows XP SP2 and SP3, update to a newer version to mitigate the risk. For Microsoft Windows Server 2003 SP2, update to a newer version to mitigate the risk. For Microsoft Windows Vista Gold, SP1, and SP2, update to a newer version to mitigate the risk. For Microsoft Windows Server 2008 SP2, update to a newer version to mitigate the risk.