cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_2003_server::sp2 cpe:/o:microsoft:windows_2003_server::sp2:itanium cpe:/o:microsoft:windows_2003_server::sp2:x64 cpe:/o:microsoft:windows_server_2008:::x32 cpe:/o:microsoft:windows_server_2008:::x64 cpe:/o:microsoft:windows_server_2008::sp2:x32 cpe:/o:microsoft:windows_server_2008::sp2:x64 cpe:/o:microsoft:windows_server_2008:-:gold:itanium cpe:/o:microsoft:windows_server_2008:-:sp2:itanium cpe:/o:microsoft:windows_vista cpe:/o:microsoft:windows_vista:::x64 cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_vista::sp1:x64 cpe:/o:microsoft:windows_vista::sp2 cpe:/o:microsoft:windows_vista::sp2:x64 cpe:/o:microsoft:windows_xp::sp2 cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_xp:-:sp2:x64 CVE-2009-2513 2009-11-11T14:30:00.360-05:00 2017-09-18T21:29:10.407-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-11-12T08:01:00.000-05:00 MS MS09-065 CERT TA09-314A The Graphics Device Interface (GDI) in win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient Data Validation Vulnerability."