7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.0005 Low
EPSS
Percentile
16.0%
The Microsoft Windows Kernel contains a privilege escalation vulnerability that may allow a local attacker to take control of the system.
The Microsoft Windows Kernel fails to properly set permissions when mapping to a memory segment. By running a specially crafted application, an attacker may be able to trigger this vulnerability.
For more information, please refer to Microsoft Security Bulletin MS07-022.
A local, authenticated attacker may be able to execute arbitrary code with elevated privileges.
Apply an Update
Microsoft was released updates in Microsoft Security Bulletin MS07-022 to address this issue.
337953
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: April 10, 2007
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Microsoft has published Microsoft Security Bulletin MS07-022 in response to this issue. Users are encouraged to review this bulletin and apply the referenced patches.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23337953 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
<http://www.microsoft.com/technet/security/bulletin/ms07-022.mspx>
This vulnerability was reported in Microsoft Security Bulletin MS07-022. Microsoft credits eEye for reporting the vulnerability to them.
This document was written by Katie Steiner.
CVE IDs: | CVE-2007-1206 |
---|---|
Severity Metric: | 2.30 Date Public: |