CVE-2009-1132

Heap-based buffer overflow in the Wireless LAN AutoConfig Service (aka Wlansvc) in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed wireless frame, aka "Wireless Frame Parsing Remote Code Execution Vulnerability."

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.us-cert.gov/cas/techalerts/TA09-251A.html	US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-049
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6389
http://www.us-cert.gov/cas/techalerts/TA09-251A.html	US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-049
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6389

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:microsoft:windows_server_2008:-:-:x32:::::*
	cpe:2.3:o:microsoft:windows_server_2008:-:-:x64:::::*
	cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64:::::*
	cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x86:::::*
	cpe:2.3:o:microsoft:windows_vista::::::::
	cpe:2.3:o:microsoft:windows_vista::sp1::::::*
	cpe:2.3:o:microsoft:windows_vista::sp2::::::*
	cpe:2.3:o:microsoft:windows_vista:-:-:x64:::::*
	cpe:2.3:o:microsoft:windows_vista:-:sp1::::::
	cpe:2.3:o:microsoft:windows_vista:-:sp2::::::

History

21 Nov 2024, 01:01

Type	Values Removed	Values Added
References	~~() http://www.us-cert.gov/cas/techalerts/TA09-251A.html - US Government Resource~~	() http://www.us-cert.gov/cas/techalerts/TA09-251A.html - US Government Resource
References	~~() https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-049 -~~	() https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-049 -
References	~~() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6389 -~~	() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6389 -

07 Dec 2023, 18:38

Type	Values Removed	Values Added
CPE	cpe:2.3:o:microsoft:windows_vista::sp2:x64::::: cpe:2.3:o:microsoft:windows_vista::sp1:x64:::::	cpe:2.3:o:microsoft:windows_vista::sp1::::::* cpe:2.3:o:microsoft:windows_vista::sp2::::::*

Information

Published : 2009-09-08 22:30

Updated : 2025-04-09 00:30

NVD link : CVE-2009-1132

Mitre link : CVE-2009-1132

CVE.ORG link : CVE-2009-1132

JSON object : View

Products Affected

microsoft

windows_vista
windows_server_2008

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2009-1132", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2009-09-08T22:30:00.267", "references": [{"url": "http://www.us-cert.gov/cas/techalerts/TA09-251A.html", "tags": ["US Government Resource"], "source": "secure@microsoft.com"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-049", "source": "secure@microsoft.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6389", "source": "secure@microsoft.com"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA09-251A.html", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-049", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6389", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the Wireless LAN AutoConfig Service (aka Wlansvc) in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed wireless frame, aka \"Wireless Frame Parsing Remote Code Execution Vulnerability.\""}, {"lang": "es", "value": "Desbordamiento del b\u00fafer basado en memoria din\u00e1mica en el Servicio Wireless LAN AutoConfig (tambi\u00e9n llamado Wlansvc) en Microsoft Windows Vista Gold, SP1 y SP2, y Server 2008 Gold y SP2, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una trama inal\u00e1mbrica mal formada. Tambi\u00e9n es conocido como \"Vulnerabilidad de Ejecuci\u00f3n de C\u00f3digo Remoto en el An\u00e1lisis de Tramas Inal\u00e1mbricas\""}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:-:x32:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "26A548AB-7C40-4CB7-B024-8A2DA947F245"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:-:x64:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5BE99796-BADE-40D1-AD85-03D28A466E5F"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C9B0563-D613-497D-8F2E-515E6DA00CA5"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x86:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA99C751-91CB-43D4-93FF-1C12342CAF1E"}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114"}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878"}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A0D2704-C058-420B-B368-372D1129E914"}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:-:-:x64:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD560746-0AED-4646-934E-6742888FB6F2"}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A04E39A-623E-45CA-A5FC-25DAA0F275A3"}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF1AD1A1-EE20-4BCE-9EE6-84B27139811C"}], "operator": "OR"}]}], "sourceIdentifier": "secure@microsoft.com"}

9.3 /10