CVE-2009-1123
Published: 10 June 2009
Summary
CVE-2009-1123 is a high-severity vulnerability in Microsoft Windows XP; its weakness type is unspecified. Its CVSS base score is 7.8 (High).
Operationally, it is ranked in the top 9.9% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Deeper analysis
The vulnerability tracked as CVE-2009-1123 affects the kernel component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold through SP2, and Server 2008 SP2. It stems from improper validation of changes to unspecified kernel objects, is known by the alias "Windows Kernel Desktop Vulnerability", and carries a CVSS 3.1 base score of 7.8.
Local users can exploit the flaw by running a crafted application on an affected system, resulting in an elevation of privileges that grants full control over the target host. The attack vector requires local access and some user interaction but does not need prior administrative rights.
Public advisories and technical alerts referencing the issue are available from sources such as US-CERT, SecurityTracker, Secunia, and OSVDB, providing further details on affected platforms and recommended actions.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2009-1124
Vulnerability details
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Desktop Vulnerability."
- CWE(s)
- KEV Date Added: 03 March 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
Directly enforces access validation on kernel objects so that unauthorized changes attempted by a crafted local application cannot succeed.
Provides memory and object protection mechanisms that can block the unauthorized kernel-object modifications exploited by this local privilege-escalation flaw.
Limits the privileges available to non-administrative local users, thereby reducing the impact even if the kernel validation flaw is triggered.