Vulnerability Name:

CVE-2009-0080 (CCN-49584)

Assigned:2009-04-14
Published:2009-04-14
Updated:2021-11-08
Summary:The ThreadPool class in Windows Vista Gold and SP1, and Server 2008, does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by leveraging incorrect thread ACLs to access the resources of one of the processes, aka "Windows Thread Pool ACL Weakness Vulnerability."
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)
5.1 Medium (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
6.9 Medium (CCN CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)
5.1 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-269
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2009-0080

Source: OSVDB
Type: Broken Link
53668

Source: CCN
Type: SECTRACK ID: 1022044
Microsoft Windows Privilege Separation and Access Control Bugs Let Local Users Gain Elevated Privileges

Source: CCN
Type: ASA-2009-137
MS09-012 Vulnerabilities in Windows Could Allow Elevation of Privilege (959454)

Source: CCN
Type: Microsoft Security Bulletin MS09-012
Vulnerabilities in Windows Could Allow Elevation of Privilege (959454)

Source: CCN
Type: OSVDB ID: 53668
Microsoft Windows ThreadPool ACL Enforcement Weakness Local Privilege Escalation

Source: CCN
Type: BID-34444
Microsoft Windows Thread Pool ACL Local Privilege Escalation Vulnerability

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1022044

Source: CERT
Type: Third Party Advisory, US Government Resource
TA09-104A

Source: VUPEN
Type: Permissions Required
ADV-2009-1026

Source: MS
Type: Patch, Vendor Advisory
MS09-012

Source: XF
Type: UNKNOWN
win-threadpool-acl-privilege-escalation(49584)

Source: CCN
Type: Churrasco GIT Repository
Churrasco/Churrasco.cpp

Source: CCN
Type: Medium Web site
[Windows Privelege Escalation via Token Kidnapping]

Source: CCN
Type: NotSoSecure Web site
Windows 2003 Token Kidnapping Privilege Escalation

Source: OVAL
Type: Third Party Advisory
oval:org.mitre.oval:def:6177

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [2008-10-08]

Vulnerable Configuration:Configuration 1:
  • cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_vista:-:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_vista:-:*:*:*:*:*:x64:*
  • OR cpe:/o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_vista:-:sp1:*:*:*:*:x64:*

  • Configuration CCN 1:
  • cpe:/o:microsoft:windows_vista:-:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_vista:::~~~~x64~:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_vista:-:sp1:x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:itanium:*
  • OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:x32:*
  • OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:x64:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:6177
    V
    Windows Thread Pool ACL Weakness Vulnerability
    2014-03-17
    BACK
    microsoft windows server 2008 -
    microsoft windows vista -
    microsoft windows vista -
    microsoft windows vista - sp1
    microsoft windows vista - sp1
    microsoft windows vista
    microsoft windows vista
    microsoft windows vista sp1
    microsoft windows vista sp1
    microsoft windows server 2008
    microsoft windows server 2008 -
    microsoft windows server 2008 -