Vulnerability Description
Stack-based buffer overflow in the EnumeratePrintShares function in Windows Print Spooler Service (win32spl.dll) in Microsoft Windows 2000 SP4 allows remote printer servers to execute arbitrary code via a crafted ShareName in a response to an RPC request, related to "printing data structures," aka "Buffer Overflow in Print Spooler Vulnerability."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 2000 | All versions |
Related Weaknesses (CWE)
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=806
- http://osvdb.org/54932
- http://secunia.com/advisories/35365
- http://support.avaya.com/elmodocs2/security/ASA-2009-217.htm
- http://www.securityfocus.com/bid/35206
- http://www.securitytracker.com/id?1022352
- http://www.us-cert.gov/cas/techalerts/TA09-160A.htmlUS Government Resource
- http://www.vupen.com/english/advisories/2009/1541
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-02
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=806
- http://osvdb.org/54932
- http://secunia.com/advisories/35365
- http://support.avaya.com/elmodocs2/security/ASA-2009-217.htm
- http://www.securityfocus.com/bid/35206
FAQ
What is CVE-2009-0228?
CVE-2009-0228 is a vulnerability with a CVSS score of 10.0 (HIGH). Stack-based buffer overflow in the EnumeratePrintShares function in Windows Print Spooler Service (win32spl.dll) in Microsoft Windows 2000 SP4 allows remote printer servers to execute arbitrary code v...
How severe is CVE-2009-0228?
CVE-2009-0228 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-0228?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 2000.