CVE-2009-2512
high-risk
Published 2009-11-11
The Web Services on Devices API (WSDAPI) in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly process the headers of WSD messages, which allows remote attackers to execute arbitrary code via a crafted (1) message or (2) response, aka "Web Services on Devices API Memory Corruption Vulnerability."
Do I need to act?
!
37.8% chance of exploitation in next 30 days
EPSS score — higher than 62% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (12)
Affected Vendors
References (6)
US Government Resource
http://www.us-cert.gov/cas/techalerts/TA09-314A.html
US Government Resource
http://www.us-cert.gov/cas/techalerts/TA09-314A.html
65
/ 100
high-risk
Severity
32/34 · Critical
Exploitability
16/34 · Moderate
Exposure
17/34 · Moderate