CVE-2009-0320

Published: Jan 28, 2009Modified: Apr 23, 2026

4.0

Vector

AV:L/AC:H/Au:N/C:C/I:N/A:N

Exploitability: 1.9 / Impact: 6.9

Source: NVD

Description

Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O activity measurements of all processes, which allows local users to obtain sensitive information, as demonstrated by reading the I/O Other Bytes column in Task Manager (aka taskmgr.exe) to estimate the number of characters that a different user entered at a runas.exe password prompt, related to a "benchmarking attack."

Affected (4)

Products: Microsoft: Windows Server 2003, Windows Server 2008, Windows Vista, Windows Xp

4 products

Windows Server 2003

Windows Server 2008

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Microsoft Windows Server 2003	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Vista	All versions
Microsoft Windows Xp	All versions

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

References (4)

http://www.securityfocus.com/archive/1/500393/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/33440

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/500393/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/33440

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.