CVE-2009-0568Microsoft Windows Server vulnerability

CWE-2642 documents2 sources
Severity
10.0CRITICALNVD
EPSS
56.2%
top 1.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Windows Server
Timeline
PublishedJun 10
Latest updateMay 2

Description

The RPC Marshalling Engine (aka NDR) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly maintain its internal state, which allows remote attackers to overwrite arbitrary memory locations via a crafted RPC message that triggers incorrect pointer reading, related to "IDL interfaces containing a non-conformant varying array" and FC_SMVARRAY, FC_LGVARRAY, FC_VARIABLE_REPEAT, and FC_VARIABLE_OFFSET, aka "RPC Marshalling Engi

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

🔴Vulnerability Details

1
GHSA
GHSA-q3p5-hhw7-66hg: The RPC Marshalling Engine (aka NDR) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 doe2022-05-02
CVE-2009-0568 — Microsoft Windows Server vulnerability | cvebase