CVE-2009-1216

Multiple unspecified vulnerabilities in (1) unlzh.c and (2) unpack.c in the gzip libraries in Microsoft Windows Server 2008, Windows Services for UNIX 3.0 and 3.5, and the Subsystem for UNIX-based Applications (SUA); as used in gunzip, gzip, pack, pcat, and unpack 7.x before 7.0.1701.48, 8.x before 8.0.1969.62, and 9.x before 9.0.3790.2076; allow remote attackers to execute arbitrary code via unknown vectors.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/34428	Vendor Advisory
http://securitytracker.com/id?1021937
http://support.microsoft.com/kb/953602	Vendor Advisory
http://www.securityfocus.com/bid/34258
http://www.vupen.com/english/advisories/2009/0849	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/49435
http://secunia.com/advisories/34428	Vendor Advisory
http://securitytracker.com/id?1021937
http://support.microsoft.com/kb/953602	Vendor Advisory
http://www.securityfocus.com/bid/34258
http://www.vupen.com/english/advisories/2009/0849	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/49435

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:subsystem_for_unix-based_applications::::::::
	cpe:2.3:a:microsoft:windows_services_for_unix:3.0:-:std:::::*
	cpe:2.3:a:microsoft:windows_services_for_unix:3.5:::::::*
	cpe:2.3:o:microsoft:windows_server_2008::::::::
	cpe:2.3:o:microsoft:windows_vista::::::::
	cpe:2.3:o:microsoft:windows_vista:::enterprise:::::*
	cpe:2.3:o:microsoft:windows_vista:::ultimate:::::*

History

No history.

Information

Published : 2009-04-01 18:00

Updated : 2025-04-09 00:30

NVD link : CVE-2009-1216

Mitre link : CVE-2009-1216

CVE.ORG link : CVE-2009-1216

JSON object : View

Products Affected

microsoft

windows_services_for_unix
subsystem_for_unix-based_applications
windows_server_2008
windows_vista

CWE

NVD-CWE-noinfo

{"id": "CVE-2009-1216", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": true, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-04-01T18:00:00.233", "references": [{"url": "http://secunia.com/advisories/34428", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1021937", "source": "cve@mitre.org"}, {"url": "http://support.microsoft.com/kb/953602", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/34258", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2009/0849", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49435", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/34428", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securitytracker.com/id?1021937", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://support.microsoft.com/kb/953602", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/34258", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2009/0849", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49435", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Multiple unspecified vulnerabilities in (1) unlzh.c and (2) unpack.c in the gzip libraries in Microsoft Windows Server 2008, Windows Services for UNIX 3.0 and 3.5, and the Subsystem for UNIX-based Applications (SUA); as used in gunzip, gzip, pack, pcat, and unpack 7.x before 7.0.1701.48, 8.x before 8.0.1969.62, and 9.x before 9.0.3790.2076; allow remote attackers to execute arbitrary code via unknown vectors."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades no especificadas en (1) unlzh.c y (2) unpack.c en las librer\u00edas gzip en Microsoft Windows Server 2008, Windows Services para UNIX 3.0 y 3.5, y el subsistema para UNIX-based Applications (SUA); como lo utilizado en gunzip, gzip, pack, pcat, y unpack 7.x versiones anteriores a 7.0.1701.48, 8.x versiones anteriores a 8.0.1969.62, y 9.x versiones anteriores a 9.0.3790.2076; permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores desconocidos."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:subsystem_for_unix-based_applications:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57DB32FA-500C-4B3F-945E-ED9293F4C214"}, {"criteria": "cpe:2.3:a:microsoft:windows_services_for_unix:3.0:-:std:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "797D9EB7-A39A-4A36-B7C0-789BD2B2E031"}, {"criteria": "cpe:2.3:a:microsoft:windows_services_for_unix:3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BAD55F3F-C961-4E84-AC69-188306ADDE4C"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B33C9BD-FC34-4DFC-A81F-C620D3DAA79D"}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114"}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8FF0D88B-821D-4E45-A2EC-5279B9190356"}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:ultimate:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0257B7A-A8D1-4AC9-98C8-324B5B810877"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}