CVE-2009-0079

EXPLOITED

Windows XP SP2-SP3 and Server 2003 SP1-SP2 - Privilege Escalation via RPCSS Service Isolation

Title source: llm

Exploitation Summary

CVE-2009-0079 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including Cesar Cerrudo.

AI-analyzed exploit summary The provided content lacks actual exploit code and instead references an external download link, which is a common tactic for suspicious or malicious repositories. No technical details about the vulnerability are included.

Description

The RPCSS service in Microsoft Windows XP SP2 and SP3 and Server 2003 SP1 and SP2 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows RPCSS Service Isolation Vulnerability."

Exploits (1)

exploitdb SUSPICIOUS VERIFIED

by Cesar Cerrudo · textlocalwindows

https://www.exploit-db.com/exploits/32892

View Code ZIP pw:eip

The provided content lacks actual exploit code and instead references an external download link, which is a common tactic for suspicious or malicious repositories. No technical details about the vulnerability are included.

Classification

Suspicious 90%

Attack Type

Lpe

Complexity

Theoretical

Reliability

Theoretical

Target: Microsoft Windows XP SP2, Windows Server 2003

No auth needed

Prerequisites: Access to the target system

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (6)

Core 6

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/53667

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1022044

US Government Resource third-party-advisory x_refsource_cert

http://www.us-cert.gov/cas/techalerts/TA09-104A.html

Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-012

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2009/1026

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6147

Scores

EPSS 0.0075

EPSS Percentile 73.7%

Details

VulnCheck KEV 2009-04-14

CWE

CWE-264

Status published

Products (2)

microsoft/windows_server_2003 (4 CPE variants)

microsoft/windows_xp (4 CPE variants)

Published Apr 15, 2009

Tracked Since Feb 18, 2026