CVE-2009-1922
Description
The Message Queuing (aka MSMQ) service for Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP2, and Vista Gold does not properly validate unspecified IOCTL request data from user mode before passing this data to kernel mode, which allows local users to gain privileges via a crafted request, aka MSMQ Null Pointer Vulnerability.
Risk Information
Base Score
7.8
MODERATE
Vector
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
1.887
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Security Update for Windows 2000 (KB971032) | Windows |
| Security Update for Windows XP (KB971032) | Windows |
| Security Update for Windows Server 2003 (KB971032) | Windows |
| Security Update for Windows XP x64 Edition (KB971032) | Windows |
| Security Update for Windows Server 2003 x64 Edition (KB971032) | Windows |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-7390 | Security Update for Windows Server 2003 (KB971032) |
| PATCH-7393 | Security Update for Windows Server 2003 x64 Edition (KB971032) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234