CVE-2009-1808

Windows XP SP3 - Denial of Service via SPI_SETDESKWALLPAPER SystemParametersInfo Call

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-1808. PoCs published by Arkon.

AI-analyzed exploit summary This exploit demonstrates a local privilege escalation vulnerability in Microsoft Windows by exploiting a buffer overflow in the SystemParametersInfo function when handling desktop wallpaper settings. The code triggers the vulnerability by setting and retrieving an overly long wallpaper path, potentially leading to arbitrary code execution with kernel privileges.

Description

Microsoft Windows XP SP3 allows local users to cause a denial of service (system crash) by making an SPI_SETDESKWALLPAPER SystemParametersInfo call with an improperly terminated pvParam argument, followed by an SPI_GETDESKWALLPAPER SystemParametersInfo call.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Arkon · clocalwindows

https://www.exploit-db.com/exploits/33012

View Code ZIP pw:eip

This exploit demonstrates a local privilege escalation vulnerability in Microsoft Windows by exploiting a buffer overflow in the SystemParametersInfo function when handling desktop wallpaper settings. The code triggers the vulnerability by setting and retrieving an overly long wallpaper path, potentially leading to arbitrary code execution with kernel privileges.

Classification

Working Poc 90%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Windows (versions affected by CVE-2009-1808)

Auth required

Prerequisites: Local access to the target system · Ability to execute arbitrary code on the target system

MITRE ATT&CK