MS09-022: Vulnerabilities in Windows Print Spooler Could Allow Remote Code Execution (961501)

NASLDB: MS09-022: Vulnerabilities in Windows Print Spooler Could Allow Remote Code Execution (961501)

General

ID: 39344
Name: MS09-022: Vulnerabilities in Windows Print Spooler Could Allow Remote Code Execution (961501)

Summary: Checks version of Localspl.dll

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Port: 139
Family: Windows : Microsoft Bulletins
Type: Local

Description

The version of the Print Spooler service on the remote Windows host is
affected by one or more of the following vulnerabilities :

– A buffer overflow vulnerability could allow an
unauthenticated, remote attacker to execute arbitrary
code with SYSTEM privileges. (CVE-2009-0228)

– Using a specially crafted separator page, a local user
can read or print any file on the affected system.
(CVE-2009-0229)

– Using a specially crafted RPC message, a user who has
the ‘Manage Printer’ privilege can have the spooler
load an arbitrary DLL and thereby execute arbitrary
code with elevated privileges. (CVE-2009-0230)

Exploiting

Exploit Available: True
Exploitability Ease: Exploits are available

Sources

CVE: CVE-2009-0228
OSVDB: –
Bugtraq: 35206
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: –
Plugin Release: 2009/06/10

Plugin

Version: 1.15
Filename: smb_nt_ms09-022.nasl
Filesize: 5208 bytes
MD5 Hash: 6d14d07b68c400bcef7cf7b76c1b1145

Identification: Host/patch_management_checks
Require Keys: SMB/MS_Bulletin_Checks/Possible
Dependencies: "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl"

Letzte Plugins

Letzte Plugins

scip AG