CVE-2009-1123

7.8 HIGH CISA KEV - Actively Exploited
Published: June 10, 2009 Modified: October 22, 2025
View on NVD

Description

The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Desktop Vulnerability."

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://osvdb.org/54940
Source: secure@microsoft.com
Broken Link
http://secunia.com/advisories/35372
Source: secure@microsoft.com
Broken Link
http://www.securitytracker.com/id?1022359
Source: secure@microsoft.com
Broken Link Third Party Advisory VDB Entry
http://www.us-cert.gov/cas/techalerts/TA09-160A.html
Source: secure@microsoft.com
Broken Link Third Party Advisory US Government Resource
http://www.vupen.com/english/advisories/2009/1544
Source: secure@microsoft.com
Broken Link
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-025
Source: secure@microsoft.com
Patch Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6206
Source: secure@microsoft.com
Broken Link
http://osvdb.org/54940
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/35372
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.securitytracker.com/id?1022359
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Third Party Advisory VDB Entry
http://www.us-cert.gov/cas/techalerts/TA09-160A.html
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Third Party Advisory US Government Resource
http://www.vupen.com/english/advisories/2009/1544
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-025
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6206
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-1123
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

15 reference(s) from NVD

Quick Stats

CVSS v3 Score
7.8 / 10.0
EPSS (Exploit Probability)
4.3%
88th percentile
Exploitation Status
Actively Exploited
Remediation due: 2022-03-24

Affected Vendors

microsoft