Vulnerability Manager Plus

ms09-048: vulnerabilities in windows tcp/ip could allow remote code execution for Windows Vista (KB967723) x86 based systems for SP1

Risk Information

Base Score

8.6

MODERATE

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C

EPSS Score

Exploitation Probability

43.307%

CVE Information

Source CVE
CVE-2009-1925

Associated CVE
CVE-2009-1925
CVE-2008-4609
CVE-2009-1926

Patch Details

Patch associated with this vulnerability is supported by ManageEngine.

Patch ID
7532

Patch Description
Security Update for Windows Vista (KB967723)

References

http://blog.robertlee.name/2008/10/conjecture-speculation.html
http://lists.immunitysec.com/pipermail/dailydave/2008-October/005360.html
http://marc.info/?l=bugtraq&m=125856010926699&w=2
http://osvdb.org/57797
http://searchsecurity.techtarget.com.au/articles/27154-TCP-is-fundamentally-borked
http://www.cisco.com/en/US/products/products_security_advisory09186a0080af511d.shtml
http://www.cisco.com/en/US/products/products_security_response09186a0080a15120.html
http://www.microsoft.com/technet/security/Bulletin/MS09-048.mspx
http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
http://www.securityfocus.com/archive/1/archive/1/506331/100/0/threaded
http://www.securityfocus.com/bid/36269
http://www.us-cert.gov/cas/techalerts/TA09-251A.html
https://www.cert.fi/haavoittuvuudet/2008/tcp-vulnerabilities.html