CVE-2009-1544

Description

Double free vulnerability in the Workstation service in Microsoft Windows allows remote authenticated users to gain privileges via a crafted RPC message to a Windows XP SP2 or SP3 or Server 2003 SP2 system, or cause a denial of service via a crafted RPC message to a Vista Gold, SP1, or SP2 or Server 2008 Gold or SP2 system, aka "Workstation Service Memory Corruption Vulnerability."

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

Microsoft / windows_2003_serversp2 – sp2
Microsoft / windows_2003_serversp2 – sp2
Microsoft / windows_2003_serversp2 – sp2
Microsoft / windows_server_2008
Microsoft / windows_server_2008
Microsoft / windows_server_2008
Microsoft / windows_server_2008
Microsoft / windows_server_2008
Microsoft / windows_server_2008
Microsoft / windows_vista
Microsoft / windows_vista
Microsoft / windows_vista
Microsoft / windows_xp
Microsoft / windows_xp
Microsoft / windows_xp

References

MISChttp://www.us-cert.gov/cas/techalerts/TA09-223A.html
MISChttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-041
MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6286