CVE-2009-0079
First published: Wed Apr 15 2009(Updated: )
The RPCSS service in Microsoft Windows XP SP2 and SP3 and Server 2003 SP1 and SP2 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows RPCSS Service Isolation Vulnerability."
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Windows XP | =sp2 | |
| Microsoft Windows Server 2003 | ||
| Microsoft Windows Server 2003 | =sp1 | |
| Microsoft Windows XP | ||
| Microsoft Windows Server 2003 | =sp1 | |
| Microsoft Windows XP | =sp3 | |
| Microsoft Windows Server 2003 | =sp2 | |
| Microsoft Windows XP | =sp2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.us-cert.gov/cas/techalerts/TA09-104A.html
- http://osvdb.org/53667
- http://www.vupen.com/english/advisories/2009/1026
- http://www.securitytracker.com/id?1022044
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6147
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-012
- collector/nvd-historical
- collector/nvd-index
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- vendor/microsoft
- canonical/microsoft windows xp
- version/microsoft windows xp/sp2
- canonical/microsoft windows server 2003
- version/microsoft windows server 2003/sp1
- version/microsoft windows xp/sp3
- version/microsoft windows server 2003/sp2