CVE-2007-1973 - Race condition in the Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0 al

CVE-2007-1973

Summary

Race condition in the Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0 allows local users to modify memory and gain privileges via the temporary \Device\PhysicalMemory section handle, a related issue to CVE-2007-1206.

References

http://osvdb.org/37635
http://research.eeye.com/html/advisories/published/AD20070410a.html
http://securityreason.com/securityalert/2563
http://www.securityfocus.com/archive/1/465232/100/0/threaded

Vulnerable Configurations

cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*

CVSS

Base:	6.9 (as of 16-10-2018 - 16:41)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:M/Au:N/C:C/I:C/A:C

refmap via4

bugtraq	20070410 EEYE: Windows VDM Zero Page Race Condition Privilege Escalation
misc	http://research.eeye.com/html/advisories/published/AD20070410a.html
osvdb	37635
sreason	2563

Last major update

16-10-2018 - 16:41

Published

11-04-2007 - 23:19

Last modified

16-10-2018 - 16:41