Arbitrary Code Execution Vulnerability in gzip Libraries for Microsoft Windows
CVE-2009-1216

Currently unrated

Key Information:

Vendor
Microsoft
Status
Windows Vista
Windows Services For Unix
Subsystem For Unix-based Applications
Windows Server 2008
Vendor
CVE Published:
1 April 2009

Summary

Multiple vulnerabilities exist in the gzip libraries included with Microsoft Windows products, specifically in the files unlzh.c and unpack.c. These vulnerabilities may allow a remote attacker to execute arbitrary code on affected systems. The flaws are found in various versions of Windows Server 2008, Windows Services for UNIX, and the Subsystem for UNIX-based Applications, as well as in specific releases of the gunzip, gzip, and unpack applications prior to their respective updates. Exploiting these vulnerabilities could give attackers the capability to compromise the affected systems through various unknown vectors.

References

http://www.vupen.com/english/advisories/2009/0849
vdb-entryx_refsource_VUPEN
http://securitytracker.com/id?1021937
vdb-entryx_refsource_SECTRACK
http://support.microsoft.com/kb/953602
vendor-advisoryx_refsource_MSKB

EPSS Score

40% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2009-1216 : Arbitrary Code Execution Vulnerability in gzip Libraries for Microsoft Windows | SecurityVulnerability.io