CVE-2009-0320

Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O activity measurements of all processes, which allows local users to obtain sensitive information, as demonstrated by reading the I/O Other Bytes column in Task Manager (aka taskmgr.exe) to estimate the number of characters that a different user entered at a runas.exe password prompt, related to a "benchmarking attack."
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*

History

21 Nov 2024, 00:59

Type Values Removed Values Added
References () http://www.securityfocus.com/archive/1/500393/100/0/threaded - () http://www.securityfocus.com/archive/1/500393/100/0/threaded -
References () http://www.securityfocus.com/bid/33440 - () http://www.securityfocus.com/bid/33440 -

Information

Published : 2009-01-28 18:30

Updated : 2024-11-21 00:59


NVD link : CVE-2009-0320

Mitre link : CVE-2009-0320

CVE.ORG link : CVE-2009-0320


JSON object : View

Products Affected

microsoft

  • windows_server_2003
  • windows_vista
  • windows_server_2008
  • windows_xp
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')