PT-2009-4919 · Microsoft · Windows Server 2008+3
Neel Mehta
·
Published
2009-11-11
·
Updated
2025-01-21
·
CVE-2009-2512
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Windows Vista versions Gold, SP1, and SP2
Windows Server 2008 versions Gold and SP2
Description
A remote code execution issue exists due to improper processing of WSD message headers by the Web Services on Devices API (WSDAPI). This allows remote attackers to execute arbitrary code via a crafted message or response. The vulnerability is caused by the service not properly handling a WSDAPI message with a specially crafted header, which could allow an attacker to take complete control of an affected system.
Recommendations
For Windows Vista versions Gold, SP1, and SP2: Apply the necessary patch to fix the Web Services on Devices API (WSDAPI) memory corruption issue.
For Windows Server 2008 versions Gold and SP2: Apply the necessary patch to fix the Web Services on Devices API (WSDAPI) memory corruption issue.
Fix
RCE
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Web Services On Devices Api
Windows
Windows Server 2008
Windows Vista