CVE-2009-0078
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2009-0078
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The Windows Management Instrumentation (WMI) provider in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows WMI Service Isolation Vulnerability."
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Microsoft Windows WMI服务隔离本地权限提升漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Microsoft Windows是美国微软(Microsoft)公司发布的一系列操作系统。 Windows管理规范(WMI)提供程序没有正确地隔离NetworkService或LocalService帐号下运行的进程,同一帐号下运行的两个独立进程可以完全访问对方的文件句柄、注册表项等资源。WMI提供程序主机进程在某些情况下会持有SYSTEM令牌,如果攻击者可以以NetworkService或LocalService帐号访问计算机,攻击者就可以执行代码探索SYSTEM令牌的WMI提供程序主机进程。一旦找到
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2009-0078
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2009-0078
请登录查看更多情报信息。
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-012vendor-advisoryx_refsource_MS
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6193vdb-entrysignaturex_refsource_OVAL
- https://nvd.nist.gov/vuln/detail/CVE-2009-0078
Same Patch Batch · n/a · 2009-04-15 · 63 CVEs total
| CVE-2009-1012 | Oracle BEA WebLogic Server Apache和IIS web服务器插件未明安全漏洞 | |
| CVE-2009-0235 | Microsoft Wordpad Word 97转换器 远程代码执行漏洞 | |
| CVE-2009-0551 | Microsoft Internet Explorer 错误未正确处理和内存破坏漏洞 | |
| CVE-2009-0550 | Microsoft Windows NTLM凭据反射远程代码执行漏洞 | |
| CVE-2009-0237 | Microsoft ISA Server和Forefront TMG跨站脚本漏洞 | |
| CVE-2009-0077 | Microsoft ISA Server安全漏洞 | |
| CVE-2009-1017 | Oracle Application Server 安全漏洞 | |
| CVE-2009-1016 | Oracle BEA Product Suite WebLogic Server组件未明身份认证和访问控制漏洞 | |
| CVE-2009-1014 | Oracle PeopleSoft Enterprise 组件PeopleSoft Enterprise PeopleTool 未明安全漏洞 | |
| CVE-2009-1013 | Oracle PeopleSoft Enterprise 组件PeopleSoft Enterprise PeopleTool 未明安全漏洞 | |
| CVE-2009-0079 | Microsoft Windows RPCSS服务隔离本地权限提升漏洞 | |
| CVE-2009-1011 | Oracle Application Server 组件Outside In Technology 未明本地身份认证和权限管理漏洞 | |
| CVE-2009-1010 | Oracle Application Server 组件Outside In Technology 未明本地身份认证和权限管理漏洞 | |
| CVE-2009-1009 | Oracle Application Server 组件Outside In Technology 未明本地身份认证和权限管理漏洞 | |
| CVE-2009-1008 | Oracle Application Server 组件Outside In Technology 未明本地身份认证和权限管理漏洞 | |
| CVE-2009-1006 | Oracle BEA Product Suite 组件JRockit 未明安全漏洞 | |
| CVE-2009-1005 | Oracle BEA Product Suite 组件Data Service Integrator 未明身份认证和权限管理漏洞 | |
| CVE-2009-1004 | Oracle BEA Product Suite 组件WebLogic Server 未明安全漏洞 | |
| CVE-2009-1003 | Oracle BEA Product Suite 组件WebLogic Server 未明安全漏洞 | |
| CVE-2009-1002 | Oracle BEA Product Suite 组件WebLogic Server 未明权限提升漏洞 |
Showing top 20 of 63 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-8276
bettercap MySQL Server mysql_server.go integer coercion - CVE-2026-8275
bettercap zerogod IPP Service zerogod_ipp_primitives.go ippR - CVE-2026-8270
Open5GS SMF ogs_nas_parse_qos_rules denial of service - CVE-2026-8269
Open5GS SMF smf_nsmf_handle_create_sm_context denial of serv - CVE-2026-8268
Open5GS SMF OpenAPI_list_create denial of service
V. Comments for CVE-2009-0078
No comments yet