PT-2009-4912 · Microsoft · Windows Vista Sp2+2

Published: 2009-12-09 · Updated: 2023-12-07 · CVE-2009-2505

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft Windows Vista SP2
Microsoft Windows Server 2008 SP2

Description

A remote code execution issue exists due to improper validation of MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication requests. This allows remote attackers to execute arbitrary code via crafted structures in a malformed request. The issue is caused by incorrect copying into memory of messages received by the server when handling PEAP authentication attempts, which could allow an attacker to take complete control of an affected system.

Recommendations

For Microsoft Windows Vista SP2, update the system to address the issue. For Microsoft Windows Server 2008 SP2, update the server to resolve the vulnerability. As a temporary workaround, consider restricting access to the PEAP authentication protocol until a patch is available.

Fix

RCE

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2009-2505

Affected Products

Windows Server 2008 R2
Windows Vista Sp2
Windows