[email protected]CVE-2007-1206

HistoryApr 10, 2007 - 9:19 p.m.

CVE-2007-1206

2007-04-1021:19:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2007-1206

virtual dos machine

vdm

windows kernel

microsoft windows

nt 4.0

windows 2000

server 2003

windows vista

privilege escalation

race condition

nvd

6.1 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0005 Low

EPSS

Percentile

16.0%

JSON

The Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0; 2000 SP4; XP SP2; Server 2003, 2003 SP1, and 2003 SP2; and Windows Vista before June 2006; uses insecure permissions (PAGE_READWRITE) for a physical memory view, which allows local users to gain privileges by modifying the “zero page” during a race condition before the view is unmapped.

CPENameOperatorVersion
microsoft:windows_xpmicrosoft windows xpeq*
microsoft:windows_2000microsoft windows 2000eq*
microsoft:windows_2003_servermicrosoft windows 2003 servereqsp1
microsoft:windows_2003_servermicrosoft windows 2003 servereqgold
microsoft:windows_2003_servermicrosoft windows 2003 servereqsp2

CPE	Name	Operator	Version
microsoft:windows_xp	microsoft windows xp	eq	*
microsoft:windows_2000	microsoft windows 2000	eq	*
microsoft:windows_2003_server	microsoft windows 2003 server	eq	sp1
microsoft:windows_2003_server	microsoft windows 2003 server	eq	gold
microsoft:windows_2003_server	microsoft windows 2003 server	eq	sp2

References

research.eeye.com/html/advisories/published/AD20070410a.html

secunia.com/advisories/24834

securitytracker.com/id?1017898

www.kb.cert.org/vuls/id/337953

www.osvdb.org/34011

www.securityfocus.com/archive/1/465232/100/0/threaded

www.securityfocus.com/archive/1/466331/100/200/threaded

www.securityfocus.com/bid/23367

www.us-cert.gov/cas/techalerts/TA07-100A.html

www.vupen.com/english/advisories/2007/1326

docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-022

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1639

6.1 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0005 Low

EPSS

Percentile

16.0%

JSON

Related for CVE-2007-1206

prion2 securityvulns3 cert1 nessus1 cve1 packetstorm1