Moderate

CVE-2009-0229 - Information Leak / Disclosure vulnerability in Microsoft Windows

Publication: 2009-06-10
Summary

The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka "Print Spooler Read File Vulnerability."

Classification
CWE-200: Information Leak / Disclosure

Risk level (CVSS 4.9)

Moderate

4.9

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • Microsoft Windows 2000 sp4
  • Microsoft Windows XP sp3
  • Microsoft Windows 2003 Server sp2
  • Microsoft Windows 2003 Server sp2
  • Microsoft Windows Server 2008
  • Microsoft Windows Server 2008 -
  • Microsoft Windows Server 2008 -
  • Microsoft Windows Server 2008 sp2
  • Microsoft Windows 2003 Server sp2
  • Microsoft Windows Vista
  • Microsoft Windows Vista
  • Microsoft Windows Vista gold
  • Microsoft Windows Vista sp1
  • Microsoft Windows Vista sp2
  • Microsoft Windows XP -
  • Microsoft Windows XP -
  • Microsoft Windows Server 2008 sp2