cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_server_2003:::x64 cpe:/o:microsoft:windows_server_2003::sp1 cpe:/o:microsoft:windows_server_2003::sp1:itanium cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_server_2003::sp2:itanium cpe:/o:microsoft:windows_server_2003::sp2:x64 cpe:/o:microsoft:windows_server_2008 cpe:/o:microsoft:windows_server_2008:::itanium cpe:/o:microsoft:windows_server_2008:::x64 cpe:/o:microsoft:windows_vista:::x64 cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_vista::sp1:x64 cpe:/o:microsoft:windows_vista:gold cpe:/o:microsoft:windows_xp:::x64 cpe:/o:microsoft:windows_xp::sp2 cpe:/o:microsoft:windows_xp::sp2:x64 cpe:/o:microsoft:windows_xp::sp3 CVE-2009-0081 2009-03-10T16:30:00.343-04:00 2017-09-28T21:33:36.777-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-03-11T08:26:00.000-04:00 ALLOWS_ADMIN_ACCESS SECTRACK 1021826 BID 34012 SECUNIA 34117 OSVDB 52522 VUPEN ADV-2009-0659 MS MS09-006 CERT TA09-069A CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-079.htm CONFIRM http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=842987&poid= The graphics device interface (GDI) implementation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate input received from user mode, which allows remote attackers to execute arbitrary code via a crafted (1) Windows Metafile (aka WMF) or (2) Enhanced Metafile (aka EMF) image file, aka "Windows Kernel Input Validation Vulnerability."