Microsoft Windows Print Spooler Multiple Vulnerabilities ( 10 June 2009 )

1. Buffer Overflow in Print Spooler Vulnerability

A remote code execution vulnerability exists in the Windows Print Spooler that could allow a remote, unauthenticated attacker to execute arbitrary code on an affected system. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.

2. Print Spooler Read File Vulnerability

A local, authenticated information disclosure vulnerability exists in the Windows Printing Service that could allow a user to read or print any file on the system. This action can be taken even if the user does not have administrative access. However, the vulnerability could not be exploited remotely or by anonymous users.

3. Print Spooler Load Library Vulnerability

A remote, authenticated elevation of privilege vulnerability exists in the Windows Print Spooler that could allow an arbitrary dynamic link library (DLL) to be loaded by the Print Spooler. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.