CVE-2009-1125

Name of the Vulnerable Software and Affected Versions Microsoft Windows 2000 version SP4 Microsoft Windows XP versions SP2 through SP3 Microsoft Windows Server 2003 version SP2 Microsoft Windows Vista versions Gold through SP2 Microsoft Windows Server 2008 version SP2

Description The issue arises from the Windows kernel's failure to properly validate an argument passed to a system call, allowing local users to gain privileges via a crafted application. This could enable an attacker to run arbitrary code in kernel mode, potentially leading to the installation of programs, viewing, changing, or deleting data, or creating new accounts with full user rights.

Recommendations For Microsoft Windows 2000 SP4, update to a newer version to mitigate the risk. For Microsoft Windows XP SP2 and SP3, update to a newer version to mitigate the risk. For Microsoft Windows Server 2003 SP2, update to a newer version to mitigate the risk. For Microsoft Windows Vista Gold, SP1, and SP2, update to a newer version to mitigate the risk. For Microsoft Windows Server 2008 SP2, update to a newer version to mitigate the risk.