| Vulnerability Name: | CVE-2009-2512 (CCN-53985) | ||||||||
| Assigned: | 2009-11-10 | ||||||||
| Published: | 2009-11-10 | ||||||||
| Updated: | 2018-10-12 | ||||||||
| Summary: | The Web Services on Devices API (WSDAPI) in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly process the headers of WSD messages, which allows remote attackers to execute arbitrary code via a crafted (1) message or (2) response, aka "Web Services on Devices API Memory Corruption Vulnerability." | ||||||||
| CVSS v3 Severity: | 9.6 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C) 6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
6.2 Medium (CCN Temporal CVSS v2 Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-94 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2009-2512 Source: CCN Type: SA37314 Windows Web Services on Devices API Memory Corruption Vulnerability Source: CCN Type: IBM Internet Security Systems Protection Alert Microsoft Windows WSDAPI code execution Source: CCN Type: Microsoft Security Bulletin MS09-063 Vulnerability in Web Service on Devices Could Allow Remote Code Execution (973565) Source: CCN Type: BID-36919 Microsoft Windows Web Services on Devices API Remote Code Execution Vulnerability Source: CERT Type: US Government Resource TA09-314A Source: MS Type: UNKNOWN MS09-063 Source: XF Type: UNKNOWN ms-win-wsdapi-code-execution(53985) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:6079 | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||