CVE Vulnerability

CVE-2007-1209

Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort connections, which leaves a "dangling pointer" to a process data structure.

7.2 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

References
Link Resource
http://research.eeye.com/html/advisories/published/AD20070410b.html
http://www.securityfocus.com/bid/23338
http://www.securitytracker.com/id?1017897
http://www.osvdb.org/34008
http://www.us-cert.gov/cas/techalerts/TA07-100A.html US Government Resource
http://www.kb.cert.org/vuls/id/219848 US Government Resource
http://secunia.com/advisories/24823
http://securityreason.com/securityalert/2531
http://www.vupen.com/english/advisories/2007/1325 Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1524
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-021
http://www.securityfocus.com/archive/1/466331/100/200/threaded
http://www.securityfocus.com/archive/1/465233/100/0/threaded
Configurations

Configuration 1

cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
Information

Published : 2007-04-10 09:19

Updated : 2018-10-16 04:37

NVD link : CVE-2007-1209

Mitre link : CVE-2007-1209

Products Affected
No products.
CWE
CWE-399