CVE-2009-2505

Published: Dec 9, 2009Modified: Apr 23, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

The Internet Authentication Service (IAS) in Microsoft Windows Vista SP2 and Server 2008 SP2 does not properly validate MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication requests, which allows remote attackers to execute arbitrary code via crafted structures in a malformed request, aka "Internet Authentication Service Memory Corruption Vulnerability."

Affected (4)

Products: Microsoft: Windows Server 2008, Windows Vista

2 products

Windows Server 2008

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	Version sp2 x32
Microsoft Windows Server 2008	Version sp2 x64
Microsoft Windows Vista	All versions

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (8)

http://www.securitytracker.com/id?1023291

Source: secure@microsoft.com

http://www.us-cert.gov/cas/techalerts/TA09-342A.html

Source: secure@microsoft.com

US Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-071

Source: secure@microsoft.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6063

Source: secure@microsoft.com

http://www.securitytracker.com/id?1023291

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.us-cert.gov/cas/techalerts/TA09-342A.html

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-071

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6063

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.