cbcvebase.
CVE-2009-0079
published 2009-04-15

CVE-2009-0079: The RPCSS service in Microsoft Windows XP SP2 and SP3 and Server 2003 SP1 and SP2 does not properly implement isolation among a set of distinct processes that…

PriorityP178medium6.9CVSS 2.0
AVLACMAuNCCICAC
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
4.06%
89.4th percentile
The RPCSS service in Microsoft Windows XP SP2 and SP3 and Server 2003 SP1 and SP2 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows RPCSS Service Isolation Vulnerability."

Detection & IOCsextracted from sources · hover to see the quote

urlhttps://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/6705.zip
  • Monitor for local privilege escalation attempts targeting the RPCSS service (rpcss.dll / svchost.exe hosting RPCSS) where a process running under NetworkService or LocalService account attempts to access resources belonging to another process sharing the same account, potentially escalating to LocalSystem.
  • Alert on unexpected privilege escalation to LocalSystem originating from processes running under NetworkService or LocalService accounts, particularly those interacting with RPCSS.
  • ·Vulnerability is limited to Windows XP SP2/SP3 and Windows Server 2003 SP1/SP2; later OS versions are not affected.
  • ·This is a local privilege escalation only; an attacker must already have local access to the system to exploit the RPCSS service isolation weakness.

CVSS provenance

nvdv2.06.9MEDIUMAV:L/AC:M/Au:N/C:C/I:C/A:C
vulncheck6.9MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.