ID CVE-2007-1209
Summary Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort connections, which leaves a "dangling pointer" to a process data structure.
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 16-10-2018 - 16:37)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
assigner via4 cve@mitre.org
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
oval via4
accepted 2012-11-19T04:00:26.714-05:00
class vulnerability
contributors
  • name Sudhir Gandhe
    organization Secure Elements, Inc.
  • name Robert L. Hollis
    organization ThreatGuard, Inc.
  • name Sudhir Gandhe
    organization Secure Elements, Inc.
  • name Shane Shaffer
    organization G2, Inc.
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment Microsoft Windows Vista is installed
    oval oval:org.mitre.oval:def:228
  • comment Microsoft Windows Vista x64 Edition is installed
    oval oval:org.mitre.oval:def:2041
description Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort connections, which leaves a "dangling pointer" to a process data structure.
family windows
id oval:org.mitre.oval:def:1524
status accepted
submitted 2007-04-10T16:31:02
title CSRSS Local Elevation of Privilege Vulnerability
version 71
refmap via4
bid 23338
bugtraq 20070410 EEYE: Windows Vista CSRSS Dangling Process Pointer Privilege Escalation
cert TA07-100A
cert-vn VU#219848
hp
  • HPSBST02208
  • SSRT071365
misc http://research.eeye.com/html/advisories/published/AD20070410b.html
ms MS07-021
osvdb 34008
sectrack 1017897
secunia 24823
sreason 2531
vupen ADV-2007-1325
vulnerable_product via4 cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
Last major update 16-10-2018 - 16:37
Published 10-04-2007 - 21:19
Back to Top