Vulnerability Description
The RPCSS service in Microsoft Windows XP SP2 and SP3 and Server 2003 SP1 and SP2 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows RPCSS Service Isolation Vulnerability."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows Server 2003 | All versions |
| Microsoft | Windows Xp | All versions |
Related Weaknesses (CWE)
References
- http://osvdb.org/53667
- http://www.securitytracker.com/id?1022044
- http://www.us-cert.gov/cas/techalerts/TA09-104A.htmlUS Government Resource
- http://www.vupen.com/english/advisories/2009/1026
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-01
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://osvdb.org/53667
- http://www.securitytracker.com/id?1022044
- http://www.us-cert.gov/cas/techalerts/TA09-104A.htmlUS Government Resource
- http://www.vupen.com/english/advisories/2009/1026
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-01
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2009-0079?
CVE-2009-0079 is a vulnerability with a CVSS score of 6.9 (MEDIUM). The RPCSS service in Microsoft Windows XP SP2 and SP3 and Server 2003 SP1 and SP2 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService acco...
How severe is CVE-2009-0079?
CVE-2009-0079 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-0079?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows Server 2003, Microsoft Windows Xp.