MS09-063 Vulnerability in Web Services on Devices API Could Allow Remote Code Execution (973565)
Critical - Remote Code Execution This security update resolves a privately reported vulnerability in the Web Services on Devices Application Programming Interface (WSDAPI) on the Windows operating system. The vulnerability could allow remote code execution if an affected Windows system receives a specially crafted packet. Only attackers on the local subnet would be able to exploit this vulnerability.
Bulletin details at Microsoft.com
Bulletin details at Microsoft.com
Related CVE Entries
The Web Services on Devices API (WSDAPI) in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly process the headers of WSD messages, which allows remote attackers to execute arbitrary code via a crafted (1) message or (2) response, aka "Web Services on Devices API Memory Corruption Vulnerability."
Max CVSS
9.3
EPSS Score
91.45%
Published
2009-11-11
Updated
2023-12-07