cvelistv5 - cve-2009-0229

CVE-2009-0229 (GCVE-0-2009-0229)

Vulnerability from cvelistv5 – Published: 2009-06-10 17:37 – Updated: 2024-08-07 04:24

Summary

The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka "Print Spooler Read File Vulnerability."

Severity ?

No CVSS data available.

CWE

Assigner

microsoft

References

URL

Tags

	http://support.avaya.com/elmodocs2/security/ASA-2…	x_refsource_CONFIRM
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.vupen.com/english/advisories/2009/1541	vdb-entryx_refsource_VUPEN
	http://www.us-cert.gov/cas/techalerts/TA09-160A.html	third-party-advisoryx_refsource_CERT
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	http://www.securityfocus.com/bid/35208	vdb-entryx_refsource_BID
	http://secunia.com/advisories/35365	third-party-advisoryx_refsource_SECUNIA
	http://www.securitytracker.com/id?1022352	vdb-entryx_refsource_SECTRACK
	http://osvdb.org/54933	vdb-entryx_refsource_OSVDB

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:24:18.406Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-217.htm"
          },
          {
            "name": "oval:org.mitre.oval:def:5815",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5815"
          },
          {
            "name": "ADV-2009-1541",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1541"
          },
          {
            "name": "TA09-160A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
          },
          {
            "name": "MS09-022",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-022"
          },
          {
            "name": "35208",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/35208"
          },
          {
            "name": "35365",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35365"
          },
          {
            "name": "1022352",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1022352"
          },
          {
            "name": "54933",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/54933"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-06-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka \"Print Spooler Read File Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-217.htm"
        },
        {
          "name": "oval:org.mitre.oval:def:5815",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5815"
        },
        {
          "name": "ADV-2009-1541",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1541"
        },
        {
          "name": "TA09-160A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
        },
        {
          "name": "MS09-022",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-022"
        },
        {
          "name": "35208",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/35208"
        },
        {
          "name": "35365",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35365"
        },
        {
          "name": "1022352",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1022352"
        },
        {
          "name": "54933",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/54933"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2009-0229",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka \"Print Spooler Read File Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-217.htm",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-217.htm"
            },
            {
              "name": "oval:org.mitre.oval:def:5815",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5815"
            },
            {
              "name": "ADV-2009-1541",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1541"
            },
            {
              "name": "TA09-160A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
            },
            {
              "name": "MS09-022",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-022"
            },
            {
              "name": "35208",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/35208"
            },
            {
              "name": "35365",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35365"
            },
            {
              "name": "1022352",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1022352"
            },
            {
              "name": "54933",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/54933"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2009-0229",
    "datePublished": "2009-06-10T17:37:00",
    "dateReserved": "2009-01-20T00:00:00",
    "dateUpdated": "2024-08-07T04:24:18.406Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2000:sp4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"11AFB73A-1C61-40F1-8415-E4D40BB2699B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"377F7D0C-6B44-4B90-BF90-DAF959880C6D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:sp2:*:itanium:*:*:*:*:*\", \"matchCriteriaId\": \"D21D1DFE-F61B-407E-A945-4F42F86947B0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:sp2:*:x64:*:*:*:*:*\", \"matchCriteriaId\": \"3461CEA0-6CCF-4AA9-B83A-420E1310C83C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*\", \"matchCriteriaId\": \"7F9C7616-658D-409D-8B53-AC00DC55602A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*\", \"matchCriteriaId\": \"7AE15F6C-80F6-43A6-86DA-B92116A697A0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:-:x32:*:*:*:*:*:*\", \"matchCriteriaId\": \"33331586-245C-4C11-9869-DD00578F9725\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:sp2:x32:*:*:*:*:*:*\", \"matchCriteriaId\": \"9517571A-BC1A-4838-A094-30081A86D36C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:sp2:x64:*:*:*:*:*:*\", \"matchCriteriaId\": \"CD7CA7F0-9C4D-4172-91BD-90A8C86EE337\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"C162FFF0-1E8F-4DCF-A08F-6C6E324ED878\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"0A0D2704-C058-420B-B368-372D1129E914\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_vista:gold:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1D12423F-FCCD-4F4C-9037-7607C1F1F99E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_vista:sp1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"49F99773-D1AF-4596-856A-CA164D4B68E5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_vista:sp2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9F916C0D-3B99-46F3-A7AE-BAF067361499\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B47EBFCC-1828-45AB-BC6D-FB980929A81A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*\", \"matchCriteriaId\": \"FFAC3F90-77BF-4F56-A89B-8A3D2D1FC6D6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:sp3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E69F8C21-5996-4083-A02A-F04AE948CEA9\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka \\\"Print Spooler Read File Vulnerability.\\\"\"}, {\"lang\": \"es\", \"value\": \"Servicio de impresi\\u00f3n de Windows en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, Vista Gold, SP1 y SP2, y Server 2008 SP2 permite a usuarios locales leer archivos arbitrarios a trav\\u00e9s de un separador de p\\u00e1gina elaborado, alias \\\"Vulnerabilidad de lectura de archivo en cola de impresi\\u00f3n\\\".\"}]",
      "id": "CVE-2009-0229",
      "lastModified": "2024-11-21T00:59:23.930",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:C/I:N/A:N\", \"baseScore\": 4.9, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.9, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2009-06-10T18:00:00.250",
      "references": "[{\"url\": \"http://osvdb.org/54933\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://secunia.com/advisories/35365\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://support.avaya.com/elmodocs2/security/ASA-2009-217.htm\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securityfocus.com/bid/35208\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securitytracker.com/id?1022352\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA09-160A.html\", \"source\": \"secure@microsoft.com\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2009/1541\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-022\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5815\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://osvdb.org/54933\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/35365\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://support.avaya.com/elmodocs2/security/ASA-2009-217.htm\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/35208\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1022352\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA09-160A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2009/1541\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-022\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5815\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-0229\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2009-06-10T18:00:00.250\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka \\\"Print Spooler Read File Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"Servicio de impresi\u00f3n de Windows en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, Vista Gold, SP1 y SP2, y Server 2008 SP2 permite a usuarios locales leer archivos arbitrarios a trav\u00e9s de un separador de p\u00e1gina elaborado, alias \\\"Vulnerabilidad de lectura de archivo en cola de impresi\u00f3n\\\".\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:N/A:N\",\"baseScore\":4.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2000:sp4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11AFB73A-1C61-40F1-8415-E4D40BB2699B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"377F7D0C-6B44-4B90-BF90-DAF959880C6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:sp2:*:itanium:*:*:*:*:*\",\"matchCriteriaId\":\"D21D1DFE-F61B-407E-A945-4F42F86947B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:sp2:*:x64:*:*:*:*:*\",\"matchCriteriaId\":\"3461CEA0-6CCF-4AA9-B83A-420E1310C83C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*\",\"matchCriteriaId\":\"7F9C7616-658D-409D-8B53-AC00DC55602A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*\",\"matchCriteriaId\":\"7AE15F6C-80F6-43A6-86DA-B92116A697A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:x32:*:*:*:*:*:*\",\"matchCriteriaId\":\"33331586-245C-4C11-9869-DD00578F9725\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:sp2:x32:*:*:*:*:*:*\",\"matchCriteriaId\":\"9517571A-BC1A-4838-A094-30081A86D36C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:sp2:x64:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD7CA7F0-9C4D-4172-91BD-90A8C86EE337\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C162FFF0-1E8F-4DCF-A08F-6C6E324ED878\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A0D2704-C058-420B-B368-372D1129E914\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:gold:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D12423F-FCCD-4F4C-9037-7607C1F1F99E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:sp1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49F99773-D1AF-4596-856A-CA164D4B68E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:sp2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F916C0D-3B99-46F3-A7AE-BAF067361499\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B47EBFCC-1828-45AB-BC6D-FB980929A81A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*\",\"matchCriteriaId\":\"FFAC3F90-77BF-4F56-A89B-8A3D2D1FC6D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:sp3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E69F8C21-5996-4083-A02A-F04AE948CEA9\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/54933\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://secunia.com/advisories/35365\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://support.avaya.com/elmodocs2/security/ASA-2009-217.htm\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/bid/35208\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securitytracker.com/id?1022352\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-160A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/1541\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-022\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5815\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://osvdb.org/54933\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/35365\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.avaya.com/elmodocs2/security/ASA-2009-217.htm\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/35208\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1022352\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-160A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/1541\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-022\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5815\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2009-AVI-217

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités affectent le gestionnaire de files d'impression de Microsoft Windows permettant à un utilisateur malveillant d'exécuter du code arbitraire à distance, d'accéder à des informations sensibles ou d'élever ses privilèges.

Description

Plusieurs vulnérabilités affectent le gestionnaire de files d'impression de Microsoft Windows (Print Spooler) :

CVE-2009-0228 : une erreur de type débordement de zone mémoire est exploitable par un utilisateur malveillant, non authentifié, pour exécuter du code arbitraire sur l'ordinateur vulnérable ;
CVE-2009-0229 : un défaut permet à un utilisateur malveillant, local et authentifié, sans devoir disposer de droits adminsitrateur, de lire ou d'imprimer tout fichier sur le système vulnérable ;
CVE-2009-0230 : un défaut dans la gestion des droits permet à un utilisateur malveillant, authentifié, d'élever ses privilèges puis de prendre le contrôle de l'ordinateur vulnérable.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Microsoft Windows, toutes versions.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS09-022 du 09 juin 2009

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eMicrosoft Windows, toutes versions.\u003c/p\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s affectent le gestionnaire de files d\u0027impression\nde Microsoft Windows (Print Spooler)\u00a0:\n\n-   CVE-2009-0228 : une erreur de type d\u00e9bordement de zone m\u00e9moire est\n    exploitable par un utilisateur malveillant, non authentifi\u00e9, pour\n    ex\u00e9cuter du code arbitraire sur l\u0027ordinateur vuln\u00e9rable ;\n-   CVE-2009-0229 : un d\u00e9faut permet \u00e0 un utilisateur malveillant, local\n    et authentifi\u00e9, sans devoir disposer de droits adminsitrateur, de\n    lire ou d\u0027imprimer tout fichier sur le syst\u00e8me vuln\u00e9rable ;\n-   CVE-2009-0230 : un d\u00e9faut dans la gestion des droits permet \u00e0 un\n    utilisateur malveillant, authentifi\u00e9, d\u0027\u00e9lever ses privil\u00e8ges puis\n    de prendre le contr\u00f4le de l\u0027ordinateur vuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0229",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0229"
    },
    {
      "name": "CVE-2009-0228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0228"
    },
    {
      "name": "CVE-2009-0230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0230"
    }
  ],
  "links": [],
  "reference": "CERTA-2009-AVI-217",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-06-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s affectent le gestionnaire de files d\u0027impression\nde Microsoft Windows permettant \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter\ndu code arbitraire \u00e0 distance, d\u0027acc\u00e9der \u00e0 des informations sensibles ou\nd\u0027\u00e9lever ses privil\u00e8ges.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans le gestionnaire de files d\u0027impression de Microsoft Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS09-022 du 09 juin 2009",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS09-022.mspx"
    }
  ]
}

CERTA-2009-AVI-217

Vulnerability from certfr_avis - Published: - Updated:

Description

Plusieurs vulnérabilités affectent le gestionnaire de files d'impression de Microsoft Windows (Print Spooler) :

CVE-2009-0228 : une erreur de type débordement de zone mémoire est exploitable par un utilisateur malveillant, non authentifié, pour exécuter du code arbitraire sur l'ordinateur vulnérable ;
CVE-2009-0229 : un défaut permet à un utilisateur malveillant, local et authentifié, sans devoir disposer de droits adminsitrateur, de lire ou d'imprimer tout fichier sur le système vulnérable ;
CVE-2009-0230 : un défaut dans la gestion des droits permet à un utilisateur malveillant, authentifié, d'élever ses privilèges puis de prendre le contrôle de l'ordinateur vulnérable.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Microsoft Windows, toutes versions.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS09-022 du 09 juin 2009

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eMicrosoft Windows, toutes versions.\u003c/p\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s affectent le gestionnaire de files d\u0027impression\nde Microsoft Windows (Print Spooler)\u00a0:\n\n-   CVE-2009-0228 : une erreur de type d\u00e9bordement de zone m\u00e9moire est\n    exploitable par un utilisateur malveillant, non authentifi\u00e9, pour\n    ex\u00e9cuter du code arbitraire sur l\u0027ordinateur vuln\u00e9rable ;\n-   CVE-2009-0229 : un d\u00e9faut permet \u00e0 un utilisateur malveillant, local\n    et authentifi\u00e9, sans devoir disposer de droits adminsitrateur, de\n    lire ou d\u0027imprimer tout fichier sur le syst\u00e8me vuln\u00e9rable ;\n-   CVE-2009-0230 : un d\u00e9faut dans la gestion des droits permet \u00e0 un\n    utilisateur malveillant, authentifi\u00e9, d\u0027\u00e9lever ses privil\u00e8ges puis\n    de prendre le contr\u00f4le de l\u0027ordinateur vuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0229",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0229"
    },
    {
      "name": "CVE-2009-0228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0228"
    },
    {
      "name": "CVE-2009-0230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0230"
    }
  ],
  "links": [],
  "reference": "CERTA-2009-AVI-217",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-06-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s affectent le gestionnaire de files d\u0027impression\nde Microsoft Windows permettant \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter\ndu code arbitraire \u00e0 distance, d\u0027acc\u00e9der \u00e0 des informations sensibles ou\nd\u0027\u00e9lever ses privil\u00e8ges.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans le gestionnaire de files d\u0027impression de Microsoft Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS09-022 du 09 juin 2009",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS09-022.mspx"
    }
  ]
}

GSD-2009-0229

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2009-0229

Aliases

CVE-2009-0229

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-0229",
    "description": "The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka \"Print Spooler Read File Vulnerability.\"",
    "id": "GSD-2009-0229"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-0229"
      ],
      "details": "The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka \"Print Spooler Read File Vulnerability.\"",
      "id": "GSD-2009-0229",
      "modified": "2023-12-13T01:19:44.234336Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2009-0229",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka \"Print Spooler Read File Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-217.htm",
            "refsource": "CONFIRM",
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-217.htm"
          },
          {
            "name": "oval:org.mitre.oval:def:5815",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5815"
          },
          {
            "name": "ADV-2009-1541",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/1541"
          },
          {
            "name": "TA09-160A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
          },
          {
            "name": "MS09-022",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-022"
          },
          {
            "name": "35208",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/35208"
          },
          {
            "name": "35365",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/35365"
          },
          {
            "name": "1022352",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1022352"
          },
          {
            "name": "54933",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/54933"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:sp2:*:x64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:gold:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:sp2:x64:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:sp2:x32:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:sp4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:sp3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:x32:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:sp1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:sp2:*:itanium:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:sp2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2009-0229"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka \"Print Spooler Read File Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "35208",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/35208"
            },
            {
              "name": "1022352",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1022352"
            },
            {
              "name": "ADV-2009-1541",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2009/1541"
            },
            {
              "name": "54933",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/54933"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-217.htm",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-217.htm"
            },
            {
              "name": "35365",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/35365"
            },
            {
              "name": "TA09-160A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:5815",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5815"
            },
            {
              "name": "MS09-022",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-022"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2023-12-07T18:38Z",
      "publishedDate": "2009-06-10T18:00Z"
    }
  }
}

GHSA-9V3G-8955-WQQQ

Vulnerability from github – Published: 2022-05-02 03:13 – Updated: 2022-05-02 03:13

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-0229"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-06-10T18:00:00Z",
    "severity": "MODERATE"
  },
  "details": "The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka \"Print Spooler Read File Vulnerability.\"",
  "id": "GHSA-9v3g-8955-wqqq",
  "modified": "2022-05-02T03:13:43Z",
  "published": "2022-05-02T03:13:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0229"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-022"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5815"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/54933"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35365"
    },
    {
      "type": "WEB",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-217.htm"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/35208"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1022352"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/1541"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2009-0229

Vulnerability from fkie_nvd - Published: 2009-06-10 18:00 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://osvdb.org/54933
secure@microsoft.com	http://secunia.com/advisories/35365
secure@microsoft.com	http://support.avaya.com/elmodocs2/security/ASA-2009-217.htm
secure@microsoft.com	http://www.securityfocus.com/bid/35208
secure@microsoft.com	http://www.securitytracker.com/id?1022352
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA09-160A.html	US Government Resource
secure@microsoft.com	http://www.vupen.com/english/advisories/2009/1541
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-022
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5815
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/54933
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35365
af854a3a-2127-422b-91ae-364da2661108	http://support.avaya.com/elmodocs2/security/ASA-2009-217.htm
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/35208
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1022352
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA09-160A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/1541
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-022
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5815

Impacted products

Vendor	Product	Version
microsoft	windows_2000	sp4
microsoft	windows_2003_server	sp2
microsoft	windows_2003_server	sp2
microsoft	windows_2003_server	sp2
microsoft	windows_server_2008	*
microsoft	windows_server_2008	-
microsoft	windows_server_2008	-
microsoft	windows_server_2008	sp2
microsoft	windows_server_2008	sp2
microsoft	windows_vista	*
microsoft	windows_vista	*
microsoft	windows_vista	gold
microsoft	windows_vista	sp1
microsoft	windows_vista	sp2
microsoft	windows_xp	-
microsoft	windows_xp	-
microsoft	windows_xp	sp3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:sp4:*:*:*:*:*:*:*",
              "matchCriteriaId": "11AFB73A-1C61-40F1-8415-E4D40BB2699B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*",
              "matchCriteriaId": "377F7D0C-6B44-4B90-BF90-DAF959880C6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp2:*:itanium:*:*:*:*:*",
              "matchCriteriaId": "D21D1DFE-F61B-407E-A945-4F42F86947B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp2:*:x64:*:*:*:*:*",
              "matchCriteriaId": "3461CEA0-6CCF-4AA9-B83A-420E1310C83C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*",
              "matchCriteriaId": "7F9C7616-658D-409D-8B53-AC00DC55602A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*",
              "matchCriteriaId": "7AE15F6C-80F6-43A6-86DA-B92116A697A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:x32:*:*:*:*:*:*",
              "matchCriteriaId": "33331586-245C-4C11-9869-DD00578F9725",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:sp2:x32:*:*:*:*:*:*",
              "matchCriteriaId": "9517571A-BC1A-4838-A094-30081A86D36C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:sp2:x64:*:*:*:*:*:*",
              "matchCriteriaId": "CD7CA7F0-9C4D-4172-91BD-90A8C86EE337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "0A0D2704-C058-420B-B368-372D1129E914",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:gold:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D12423F-FCCD-4F4C-9037-7607C1F1F99E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:sp1:*:*:*:*:*:*:*",
              "matchCriteriaId": "49F99773-D1AF-4596-856A-CA164D4B68E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:sp2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F916C0D-3B99-46F3-A7AE-BAF067361499",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B47EBFCC-1828-45AB-BC6D-FB980929A81A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "FFAC3F90-77BF-4F56-A89B-8A3D2D1FC6D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:sp3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E69F8C21-5996-4083-A02A-F04AE948CEA9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka \"Print Spooler Read File Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Servicio de impresi\u00f3n de Windows en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, Vista Gold, SP1 y SP2, y Server 2008 SP2 permite a usuarios locales leer archivos arbitrarios a trav\u00e9s de un separador de p\u00e1gina elaborado, alias \"Vulnerabilidad de lectura de archivo en cola de impresi\u00f3n\"."
    }
  ],
  "id": "CVE-2009-0229",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-06-10T18:00:00.250",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://osvdb.org/54933"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://secunia.com/advisories/35365"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-217.htm"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/35208"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1022352"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2009/1541"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-022"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5815"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/54933"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35365"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-217.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/35208"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1022352"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/1541"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-022"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5815"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-0229 (GCVE-0-2009-0229)

CERTA-2009-AVI-217

Description

Solution

CERTA-2009-AVI-217

Description

Solution

GSD-2009-0229

GHSA-9V3G-8955-WQQQ

FKIE_CVE-2009-0229

Tags

Sightings

Nomenclature