CVE-2009-0080

EXPLOITED

Windows Vista Gold/SP1 & Server 2008 - Privilege Escalation

Title source: llm

Exploitation Summary

CVE-2009-0080 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including Cesar Cerrudo.

AI-analyzed exploit summary The provided content lacks actual exploit code and instead references an external download link (GitLab) for a binary exploit. This is characteristic of a suspicious entry designed to lure researchers into downloading potentially malicious or unverified content.

Description

The ThreadPool class in Windows Vista Gold and SP1, and Server 2008, does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by leveraging incorrect thread ACLs to access the resources of one of the processes, aka "Windows Thread Pool ACL Weakness Vulnerability."

Exploits (1)

exploitdb SUSPICIOUS VERIFIED

by Cesar Cerrudo · textlocalwindows

https://www.exploit-db.com/exploits/32893

View Code ZIP pw:eip

The provided content lacks actual exploit code and instead references an external download link (GitLab) for a binary exploit. This is characteristic of a suspicious entry designed to lure researchers into downloading potentially malicious or unverified content.

Classification

Suspicious 90%

Attack Type

Lpe

Complexity

Theoretical

Reliability

Theoretical

Target: Microsoft Windows Vista, Windows Server 2008

Auth required

Prerequisites: Local access to the target system · Exploit binary from external source

MITRE ATT&CK