Content
(MS09-022) Microsoft Windows Buffer Overflow in Print Spooler Vulnerability (961501)
- Type
- Buffer Overflow
- Impact of exploitation
- Remote Code Execution
- User Interaction
- no user interaction is needed
- Attack Vector
- Malicious remote network traffic
- Rating
- Medium
- CVE reference
- CVE-2009-0228,
- Vendor Status
- Responded and patched
- Vulnerable systems
- Windows 2000 SP4,
- Summary
- A buffer overflow vulnerability in the Microsoft Windows Print Spooler may allow for remote code execution attacks.
Tab Navigation
Description
A buffer overflow vulnerability in the Microsoft Windows Print Spooler may allow for remote code execution attacks. An attacker, with a malicious print server can send specially-crafted RPC requests to vulnerable systems, causing them to improperly parse the 'ShareName' on the attacker's malicious print server. Once compromised, the attacker will be able to execute arbitrary code, with system privileges, on the affected system.
McAfee Product Mitigation & Recommendations
Recommendations
The vendor has released a patch to address this issue: http://www.microsoft.com/technet/security/bulletin/ms09-022.mspx
McAfee Product Mitigation
McAfee Foundstone
- Signature:
- (MS09-022) Microsoft Windows Buffer Overflow in Print Spooler Vulnerability (961501)
- Signature identifier:
- 6761
- Release date:
- 6/9/2009
McAfee Intrushield
- Signature:
- NETBIOS-SS: Microsoft Print Spooler Vulnerability
- Signature identifier:
- 0x4070A900
- Release date:
- 6/9/2009
- First released in:
- 4.1.51, 5.1.21
The Remedy V-Flash of June 10 contains remedies.
Additional Resources
Vulnerabilities in the Windows Print Spooler Could Allow Remote Code Execution (961501)
http://www.microsoft.com/technet/security/bulletin/ms09-022.mspx
All Information
Timeline -
6/9/2009
Vendor has provided a patch.
Description -
A buffer overflow vulnerability in the Microsoft Windows Print Spooler may allow for remote code execution attacks. An attacker, with a malicious print server can send specially-crafted RPC requests to vulnerable systems, causing them to improperly parse the 'ShareName' on the attacker's malicious print server. Once compromised, the attacker will be able to execute arbitrary code, with system privileges, on the affected system.
McAfee Product Mitigation & Recommendations
Recommendations -
The vendor has released a patch to address this issue: http://www.microsoft.com/technet/security/bulletin/ms09-022.mspx
McAfee Product Mitigation
McAfee Foundstone
- Signature:
- (MS09-022) Microsoft Windows Buffer Overflow in Print Spooler Vulnerability (961501)
- Signature identifier:
- 6761
- Release date:
- 6/9/2009
McAfee Intrushield
- Signature:
- NETBIOS-SS: Microsoft Print Spooler Vulnerability
- Signature identifier:
- 0x4070A900
- Release date:
- 6/9/2009
- First released in:
- 4.1.51, 5.1.21
The Remedy V-Flash of June 10 contains remedies.
Additional Resources
Additional Resources -
Vulnerabilities in the Windows Print Spooler Could Allow Remote Code Execution (961501)
http://www.microsoft.com/technet/security/bulletin/ms09-022.mspx
