CVE-2007-1209 - Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vi

CVE-2007-1209

Summary

Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort connections, which leaves a "dangling pointer" to a process data structure.

References

Vulnerable Configurations

cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 16-10-2018 - 16:37)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

oval via4

accepted

2012-11-19T04:00:26.714-05:00

class

vulnerability

contributors

name Sudhir Gandhe
organization Secure Elements, Inc.
name Robert L. Hollis
organization ThreatGuard, Inc.
name Sudhir Gandhe
organization Secure Elements, Inc.
name Shane Shaffer
organization G2, Inc.
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment Microsoft Windows Vista is installed
oval oval:org.mitre.oval:def:228
comment Microsoft Windows Vista x64 Edition is installed
oval oval:org.mitre.oval:def:2041

description

family

windows

oval:org.mitre.oval:def:1524

status

accepted

submitted

2007-04-10T16:31:02

title

CSRSS Local Elevation of Privilege Vulnerability

version

refmap via4

bid	23338
bugtraq	20070410 EEYE: Windows Vista CSRSS Dangling Process Pointer Privilege Escalation
cert	TA07-100A
cert-vn	VU#219848
hp	HPSBST02208 SSRT071365
misc	http://research.eeye.com/html/advisories/published/AD20070410b.html
osvdb	34008
sectrack	1017897
secunia	24823
sreason	2531
vupen	ADV-2007-1325

Last major update

16-10-2018 - 16:37

Published

10-04-2007 - 21:19

Last modified

16-10-2018 - 16:37