#VU1341 Privilege escalation in Windows Server and Windows - CVE-2009-1126
Published: December 16, 2016 / Updated: March 16, 2017
Vulnerability identifier: #VU1341
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2009-1126
CWE-ID: CWE-233
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Windows Server
Windows
Windows Server
Windows
Software vendor:
Microsoft
Microsoft
Description
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to improper validation of user-mode input. By running a malicious application, a local attacker can edit an unspecified desktop parameter and execute arbitrary code in kernel mode.
Successful exploitation of the vulnerability results in privilege escalation allowing to execute arbitrary code and take complete control of an affected system.
The weakness exists due to improper validation of user-mode input. By running a malicious application, a local attacker can edit an unspecified desktop parameter and execute arbitrary code in kernel mode.
Successful exploitation of the vulnerability results in privilege escalation allowing to execute arbitrary code and take complete control of an affected system.
Remediation
Install update from vendor's website:
Microsoft Windows 2000 Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?familyid=79b0481d-a3d7-477b-928a-a98cc79374af
http://go.microsoft.com/fwlink/?LinkId=132503
Windows XP Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=6349e046-a3f8-4ae5-b8c3-c9879cc99e8f
http://go.microsoft.com/fwlink/?LinkId=132503
Windows XP Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=6349e046-a3f8-4ae5-b8c3-c9879cc99e8f
http://go.microsoft.com/fwlink/?LinkId=132503
Windows XP Professional x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=3769800e-af93-4a44-8a1e-b30cc54b226f
http://go.microsoft.com/fwlink/?LinkId=132503
Windows Server 2003 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=9356404c-d89a-4de0-b9b4-f6e1bdadf745
http://go.microsoft.com/fwlink/?LinkId=132503
Windows Server 2003 x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=5a3123af-173d-49eb-9997-14e82e764aee
http://go.microsoft.com/fwlink/?LinkId=132503
Windows Server 2003 with SP2 for Itanium-based Systems:
https://www.microsoft.com/downloads/details.aspx?familyid=13b50993-410f-4e7a-a33a-6d9b48dbb4d1
http://go.microsoft.com/fwlink/?LinkId=132503
Microsoft Windows 2000 Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?familyid=79b0481d-a3d7-477b-928a-a98cc79374af
http://go.microsoft.com/fwlink/?LinkId=132503
Windows XP Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=6349e046-a3f8-4ae5-b8c3-c9879cc99e8f
http://go.microsoft.com/fwlink/?LinkId=132503
Windows XP Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=6349e046-a3f8-4ae5-b8c3-c9879cc99e8f
http://go.microsoft.com/fwlink/?LinkId=132503
Windows XP Professional x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=3769800e-af93-4a44-8a1e-b30cc54b226f
http://go.microsoft.com/fwlink/?LinkId=132503
Windows Server 2003 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=9356404c-d89a-4de0-b9b4-f6e1bdadf745
http://go.microsoft.com/fwlink/?LinkId=132503
Windows Server 2003 x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=5a3123af-173d-49eb-9997-14e82e764aee
http://go.microsoft.com/fwlink/?LinkId=132503
Windows Server 2003 with SP2 for Itanium-based Systems:
https://www.microsoft.com/downloads/details.aspx?familyid=13b50993-410f-4e7a-a33a-6d9b48dbb4d1
http://go.microsoft.com/fwlink/?LinkId=132503