CVE-2009-1926

Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to cause a denial of service (TCP outage) via a series of TCP sessions that have pending data and a (1) small or (2) zero receive window size, and remain in the FIN-WAIT-1 or FIN-WAIT-2 state indefinitely, aka "TCP/IP Orphaned Connections Vulnerability."

CVSS v2.0 7.8 HIGH

7.8^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://osvdb.org/57797
http://www.recurity-labs.com/content/pub/Microsoft_Windows_CVE-2009-1926
http://www.securityfocus.com/archive/1/506331/100/0/threaded
http://www.securityfocus.com/bid/36269
http://www.us-cert.gov/cas/techalerts/TA09-251A.html	US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-048
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5965
http://osvdb.org/57797
http://www.recurity-labs.com/content/pub/Microsoft_Windows_CVE-2009-1926
http://www.securityfocus.com/archive/1/506331/100/0/threaded
http://www.securityfocus.com/bid/36269
http://www.us-cert.gov/cas/techalerts/TA09-251A.html	US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-048
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5965

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:microsoft:windows_2000:-:sp4::::::
	cpe:2.3:o:microsoft:windows_server_2003::sp2::::::*
	cpe:2.3:o:microsoft:windows_server_2008:::itanium:::::*
	cpe:2.3:o:microsoft:windows_server_2008:-:-:x32:::::*
	cpe:2.3:o:microsoft:windows_server_2008:-:-:x64:::::*
	cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:::::*
	cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64:::::*
	cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x86:::::*
	cpe:2.3:o:microsoft:windows_vista::::::::
	cpe:2.3:o:microsoft:windows_vista::sp1::::::*
	cpe:2.3:o:microsoft:windows_vista::sp2::::::*
	cpe:2.3:o:microsoft:windows_vista:-:-:x64:::::*
	cpe:2.3:o:microsoft:windows_vista:-:sp1::::::
	cpe:2.3:o:microsoft:windows_vista:-:sp2::::::
	cpe:2.3:o:microsoft:windows_xp::sp2::::::*
	cpe:2.3:o:microsoft:windows_xp::sp2:professional:::::
	cpe:2.3:o:microsoft:windows_xp::sp3::::::*

History

21 Nov 2024, 01:03

Type	Values Removed	Values Added
References	~~() http://osvdb.org/57797 -~~	() http://osvdb.org/57797 -
References	~~() http://www.recurity-labs.com/content/pub/Microsoft_Windows_CVE-2009-1926 -~~	() http://www.recurity-labs.com/content/pub/Microsoft_Windows_CVE-2009-1926 -
References	~~() http://www.securityfocus.com/archive/1/506331/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/506331/100/0/threaded -
References	~~() http://www.securityfocus.com/bid/36269 -~~	() http://www.securityfocus.com/bid/36269 -
References	~~() http://www.us-cert.gov/cas/techalerts/TA09-251A.html - US Government Resource~~	() http://www.us-cert.gov/cas/techalerts/TA09-251A.html - US Government Resource
References	~~() https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-048 -~~	() https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-048 -
References	~~() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5965 -~~	() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5965 -

07 Dec 2023, 18:38

Type	Values Removed	Values Added
CPE	cpe:2.3:o:microsoft:windows_vista::sp2:x64::::: cpe:2.3:o:microsoft:windows_vista::sp1:x64:::::	cpe:2.3:o:microsoft:windows_vista::sp1::::::* cpe:2.3:o:microsoft:windows_vista::sp2::::::*

Information

Published : 2009-09-08 22:30

Updated : 2024-11-21 01:03

NVD link : CVE-2009-1926

Mitre link : CVE-2009-1926

CVE.ORG link : CVE-2009-1926

JSON object : View

Products Affected

microsoft

windows_server_2008
windows_server_2003
windows_vista
windows_xp
windows_2000

CWE

NVD-CWE-Other

7.8 /10