Skip to content

The ThreadPool class in Windows Vista Gold and SP1, and...

Moderate severity Unreviewed Published May 2, 2022 to the GitHub Advisory Database • Updated Jan 31, 2023

Package

No package listedSuggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

The ThreadPool class in Windows Vista Gold and SP1, and Server 2008, does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by leveraging incorrect thread ACLs to access the resources of one of the processes, aka "Windows Thread Pool ACL Weakness Vulnerability."

References

Published by the National Vulnerability Database Apr 15, 2009
Published to the GitHub Advisory Database May 2, 2022
Last updated Jan 31, 2023

Severity

Moderate

EPSS score

0.048%
(19th percentile)

Weaknesses

CVE ID

CVE-2009-0080

GHSA ID

GHSA-x82p-3w9h-8xq7

Source code

No known source code

Dependabot alerts are not supported on this advisory because it does not have a package from a supported ecosystem with an affected and fixed version.

Learn more about GitHub language support

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.