PT-2009-4381 · Microsoft · Windows Server 2003+4

Nikita Tarakanov

Published

2009-08-12

Updated

2019-02-26

CVE-2009-1922

CVSS v2.0

6.9

Medium

Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions prior to Windows 2000 SP4, XP SP2, Server 2003 SP2, and Vista Gold

Description: The issue concerns the Message Queuing (MSMQ) service, which does not properly validate unspecified IOCTL request data from user mode before passing it to kernel mode. This allows local users to gain privileges via a crafted request.

Recommendations: For Windows 2000 SP4, XP SP2, Server 2003 SP2, and Vista Gold, update to a newer version to mitigate the risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2009-1922

Affected Products

Msmq

Windows 2000

Windows Server 2003

Windows Vista

Windows Xp

PT-2009-4381 · Microsoft · Windows Server 2003+4

CVE-2009-1922

Weakness Enumeration

Related Identifiers

Affected Products

References · 9