CVE-2009-0229

Microsoft Windows - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-0229. PoCs published by zveriu.

AI-analyzed exploit summary This repository provides a detailed writeup and proof-of-concept for CVE-2009-0229, a local privilege escalation vulnerability in the Windows Print Spooler service. The exploit leverages the 'Separator Page' feature to read arbitrary files by configuring a printer to use a malicious separator file.

Description

The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka "Print Spooler Read File Vulnerability."

Exploits (1)

nomisec WRITEUP 3 stars
by zveriu · poc
https://github.com/zveriu/CVE-2009-0229-PoC

This repository provides a detailed writeup and proof-of-concept for CVE-2009-0229, a local privilege escalation vulnerability in the Windows Print Spooler service. The exploit leverages the 'Separator Page' feature to read arbitrary files by configuring a printer to use a malicious separator file.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Theoretical
Target: Windows Print Spooler Service
Auth required
Prerequisites: Local attacker with printer management rights · Target file without explicit 'Deny Read' permissions
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (9)

Core 9
Core References
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5815
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1541
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA09-160A.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/35208
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35365
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1022352
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/54933

Scores

EPSS 0.0393
EPSS Percentile 89.1%

Details

CWE
CWE-200
Status published
Products (10)
microsoft/windows_2000 sp4
microsoft/windows_2003_server sp2 (3 CPE variants)
microsoft/windows_server_2008 (3 CPE variants)
microsoft/windows_server_2008 sp2 x32 (2 CPE variants)
microsoft/windows_vista (2 CPE variants)
microsoft/windows_vista gold
microsoft/windows_vista sp1
microsoft/windows_vista sp2
microsoft/windows_xp (2 CPE variants)
microsoft/windows_xp sp3
Published Jun 10, 2009
Tracked Since Feb 18, 2026