CVE-2009-0320

Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O activity measurements of all processes, which allows local users to obtain sensitive information, as demonstrated by reading the I/O Other Bytes column in Task Manager (aka taskmgr.exe) to estimate the number of characters that a different user entered at a runas.exe password prompt, related to a "benchmarking attack."
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2009-01-28 18:30

Updated : 2024-02-28 11:21


NVD link : CVE-2009-0320

Mitre link : CVE-2009-0320

CVE.ORG link : CVE-2009-0320


JSON object : View

Products Affected

microsoft

  • windows_xp
  • windows_server_2008
  • windows_vista
  • windows_server_2003
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')