CVE-2009-2653
Microsoft Windows XP SP2-SP3 & Server 2003 - Privilege Escalation
Title source: llmDescription
The NtUserConsoleControl function in win32k.sys in Microsoft Windows XP SP2 and SP3, and Server 2003 before SP1, allows local administrators to bypass unspecified "security software" and gain privileges via a crafted call that triggers an overwrite of an arbitrary memory location. NOTE: the vendor disputes the significance of this report, stating that 'the Administrator to SYSTEM "escalation" is not a security boundary we defend.
Exploits (1)
exploitdb
SUSPICIOUS
VERIFIED
by NT Internals · textlocalwindows
https://www.exploit-db.com/exploits/9301
References (6)
Core 6
Core References
Exploit x_refsource_misc
http://www.ntinternals.org/index.html#09_07_30
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1022630
Various Sources x_refsource_misc
http://blogs.technet.com/srd/archive/2009/06/11/latest-baidu-public-posting-requires-adminisrator-to-elevate.aspx
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/56780
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/9301
Exploit x_refsource_misc
http://hi.baidu.com/azy0922/blog/item/f950cbc2890729130ef47783.html
Scores
EPSS
0.0226
EPSS Percentile
84.7%
Details
CWE
CWE-264
Status
published
Products (2)
microsoft/windows_server_2003
microsoft/windows_xp
(2 CPE variants)
Published
Aug 03, 2009
Tracked Since
Feb 18, 2026