CVE-2009-0078

EXPLOITED

Microsoft Windows - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2009-0078 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including Cesar Cerrudo.

AI-analyzed exploit summary The provided content lacks actual exploit code and instead references an external download link (GitLab) for a binary exploit. It includes minimal technical details about CVE-2009-0078, a privilege escalation vulnerability in Microsoft Windows, without demonstrating the exploit mechanism.

Description

The Windows Management Instrumentation (WMI) provider in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows WMI Service Isolation Vulnerability."

Exploits (1)

exploitdb SUSPICIOUS VERIFIED
by Cesar Cerrudo · textlocalwindows
https://www.exploit-db.com/exploits/32891

The provided content lacks actual exploit code and instead references an external download link (GitLab) for a binary exploit. It includes minimal technical details about CVE-2009-0078, a privilege escalation vulnerability in Microsoft Windows, without demonstrating the exploit mechanism.

Classification
Suspicious 90%
Attack Type
Lpe
Complexity
Theoretical
Reliability
Theoretical
Target: Microsoft Windows (XP SP2, Server 2003, Vista, Server 2008)
Auth required
Prerequisites: Local access to the target system · Valid user credentials
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6193
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/53666
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1022044
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA09-104A.html
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1026

Scores

EPSS 0.0490
EPSS Percentile 89.9%

Details

VulnCheck KEV 2009-04-14
CWE
CWE-264
Status published
Products (5)
microsoft/windows_server_2003 (4 CPE variants)
microsoft/windows_server_2008 (4 CPE variants)
microsoft/windows_vista (3 CPE variants)
microsoft/windows_vista gold
microsoft/windows_xp (4 CPE variants)
Published Apr 15, 2009
Tracked Since Feb 18, 2026