ID CVE-2007-0211
Summary The hardware detection functionality in the Windows Shell in Microsoft Windows XP SP2 and Professional, and Server 2003 SP1 allows local users to gain privileges via an unvalidated parameter to a function related to the "detection and registration of new hardware."
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_2003_server:sp1
    cpe:2.3:o:microsoft:windows_2003_server:sp1
  • Microsoft Windows XP Professional Gold
    cpe:2.3:o:microsoft:windows_xp:-:gold:professional
  • Microsoft windows xp_sp2 tablet_pc
    cpe:2.3:o:microsoft:windows_xp:-:sp2:tablet_pc
CVSS
Base: 7.2 (as of 13-02-2007 - 21:47)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
NASL family Windows : Microsoft Bulletins
NASL id SMB_NT_MS07-006.NASL
description The remote version of Windows contains a version of the Windows Shell that contains a vulnerability in the way it performs detection and registration of new hardware. An authenticated user may exploit this vulnerability to elevate his privileges.
last seen 2019-02-21
modified 2018-11-15
plugin id 24330
published 2007-02-13
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=24330
title MS07-006: Vulnerability in Windows Shell Could Allow Elevation of Privilege (928255)
oval via4
accepted 2011-05-09T04:01:27.636-04:00
class vulnerability
contributors
  • name Sudhir Gandhe
    organization Secure Elements, Inc.
  • name Robert L. Hollis
    organization ThreatGuard, Inc.
  • name Shane Shaffer
    organization G2, Inc.
definition_extensions
  • comment Microsoft Windows XP SP2 or later is installed
    oval oval:org.mitre.oval:def:521
  • comment Microsoft Windows XP SP1 (64-bit) is installed
    oval oval:org.mitre.oval:def:480
  • comment Microsoft Windows Server 2003 (x86) Gold is installed
    oval oval:org.mitre.oval:def:165
  • comment Microsoft Windows Server 2003 SP1 (x86) is installed
    oval oval:org.mitre.oval:def:565
description The hardware detection functionality in the Windows Shell in Microsoft Windows XP SP2 and Professional, and Server 2003 SP1 allows local users to gain privileges via an unvalidated parameter to a function related to the "detection and registration of new hardware."
family windows
id oval:org.mitre.oval:def:224
status accepted
submitted 2007-02-13T14:38:21
title Vulnerability in Windows Shell Could Allow Elevation of Privilege
version 68
refmap via4
bid 22481
cert TA07-044A
cert-vn VU#240796
ms MS07-006
osvdb 31890
sectrack 1017633
secunia 24126
vupen ADV-2007-0575
Last major update 07-03-2011 - 21:49
Published 13-02-2007 - 15:28
Last modified 12-10-2018 - 17:42
Back to Top