• 공개일 : 2009-08-13
• 변경일 : 2010-08-21

• 위험도: 6.9
• 액세스 벡터 : LOCAL
• 액세스 복잡성 : 보통
• 인증 : 없음
• 기밀성 영향 : 전체
• 무결성 영향 : 전체
• 가용성 영향 : 전체
• 출처 : http://nvd.nist.gov
• 공개일 : 2009-08-13

The Message Queuing (aka MSMQ) service for Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP2, and Vista Gold does not properly validate unspecified IOCTL request data from user mode before passing this data to kernel mode, which allows local users to gain privileges via a crafted request, aka "MSMQ Null Pointer Vulnerability."

• CERT, TA09-223A
• MS, MS09-040
• SECTRACK, 1022714
• BUGTRAQ, 20090812 [PT-2008-09] Microsoft Windows MSMQ Privilege Escalation Vul..
• SECUNIA, 36214
• OSVDB, 56901
• MISC, http://en.securitylab.ru/lab/PT-2008-09

• microsoft windows_server_2003 itanium
• microsoft windows_server_2003 x64
• microsoft windows_vista - x64
• microsoft windows_xp -
• microsoft windows_server_2003
• microsoft windows_vista
• microsoft windows_2000 -
• microsoft windows_xp - x64