Description
Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O activity measurements of all processes, which allows local users to obtain sensitive information, as demonstrated by reading the I/O Other Bytes column in Task Manager (aka taskmgr.exe) to estimate the number of characters that a different user entered at a runas.exe password prompt, related to a "benchmarking attack."
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/33440
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/500393/100/0/threaded
Scores
EPSS
0.0145
EPSS Percentile
70.0%
Details
CWE
CWE-200
CWE-362
Status
published
Products (4)
microsoft/windows_server_2003
microsoft/windows_server_2008
microsoft/windows_vista
microsoft/windows_xp
Published
Jan 28, 2009
Tracked Since
Feb 18, 2026