| Vulnerability Name: | CVE-2009-0320 (CCN-48392) | ||||||||
| Assigned: | 2009-01-24 | ||||||||
| Published: | 2009-01-24 | ||||||||
| Updated: | 2019-02-26 | ||||||||
| Summary: | Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O activity measurements of all processes, which allows local users to obtain sensitive information, as demonstrated by reading the I/O Other Bytes column in Task Manager (aka taskmgr.exe) to estimate the number of characters that a different user entered at a runas.exe password prompt, related to a "benchmarking attack." | ||||||||
| CVSS v3 Severity: | 2.9 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||
| CVSS v2 Severity: | 4.0 Medium (CVSS v2 Vector: AV:L/AC:H/Au:N/C:C/I:N/A:N) 3.2 Low (Temporal CVSS v2 Vector: AV:L/AC:H/Au:N/C:C/I:N/A:N/E:U/RL:U/RC:UR)
0.9 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:H/Au:N/C:P/I:N/A:N/E:U/RL:U/RC:UR)
| ||||||||
| Vulnerability Type: | CWE-200 CWE-362 | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Sat Jan 24 2009 - 05:32:11 CST Benchmarking attacks and major security weakness on all recent Windows versions up to Windows 200 Source: MITRE Type: CNA CVE-2009-0320 Source: CCN Type: Microsoft Web site Microsoft Corporation Source: CCN Type: OSVDB ID: 53533 Microsoft Windows Task Manager (taskmgr.exe) I/O Activity Local Information Disclosure Source: BUGTRAQ Type: UNKNOWN 20090124 Benchmarking attacks and major security weakness on all recent Windows versions up to Windows 200 Source: BID Type: UNKNOWN 33440 Source: CCN Type: BID-33440 Microsoft Windows 'RunAs' Password Length Local Information Disclosure Vulnerability Source: XF Type: UNKNOWN microsoft-windows-io-info-disclosure(48392) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||