| Vulnerability Name: | CVE-2009-2507 (CCN-53540) | ||||||||
| Assigned: | 2009-10-13 | ||||||||
| Published: | 2009-10-13 | ||||||||
| Updated: | 2018-10-12 | ||||||||
| Summary: | A certain ActiveX control in the Indexing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly process URLs, which allows remote attackers to execute arbitrary programs via unspecified vectors that cause a "vulnerable binary" to load and run, aka "Memory Corruption in Indexing Service Vulnerability." | ||||||||
| CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C) 6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-noinfo | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2009-2507 Source: CCN Type: SA37000 Microsoft Indexing Service ActiveX Control Memory Corruption Source: CCN Type: IBM Internet Security Systems Protection Alert Microsoft Windows Indexing Service ActiveX Control Remote Code Execution Source: CCN Type: Microsoft Security Bulletin MS09-057 Vulnerability in Indexing Service Could Allow Remote Code Execution (969059) Source: CCN Type: BID-36629 Microsoft Indexing Service ActiveX Control Remote Code Execution Vulnerability Source: CERT Type: US Government Resource TA09-286A Source: MS Type: UNKNOWN MS09-057 Source: XF Type: UNKNOWN win-indexingservice-activex-code-execution(53540) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:6042 | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||