| Vulnerability Name: | CVE-2009-1132 (CCN-51468) | ||||||||
| Assigned: | 2009-09-08 | ||||||||
| Published: | 2009-09-08 | ||||||||
| Updated: | 2018-10-30 | ||||||||
| Summary: | Heap-based buffer overflow in the Wireless LAN AutoConfig Service (aka Wlansvc) in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed wireless frame, aka "Wireless Frame Parsing Remote Code Execution Vulnerability." | ||||||||
| CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C) 6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
7.4 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-119 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2009-1132 Source: CCN Type: SA36599 Microsoft Windows Vista Wireless LAN AutoConfig Service Code Execution Source: CCN Type: SA36604 Windows Server 2008 Wireless LAN AutoConfig Service Code Execution Source: CCN Type: Microsoft Security Bulletin MS09-049 Vulnerability in Wireless LAN AutoConfig Service Could Allow Remote Code Execution (970710) Source: CCN Type: BID-36223 Microsoft Windows Wireless LAN AutoConfig Frame Parsing Remote Code Execution Vulnerability Source: CERT Type: US Government Resource TA09-251A Source: MS Type: UNKNOWN MS09-049 Source: XF Type: UNKNOWN win-wireless-lan-bo(51468) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:6389 | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||