CVE-2007-1209
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
6.3 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
21.2%
Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort connections, which leaves a “dangling pointer” to a process data structure.
Affected configurations
References
research.eeye.com/html/advisories/published/AD20070410b.html
secunia.com/advisories/24823
securityreason.com/securityalert/2531
www.kb.cert.org/vuls/id/219848
www.osvdb.org/34008
www.securityfocus.com/archive/1/465233/100/0/threaded
www.securityfocus.com/archive/1/466331/100/200/threaded
www.securityfocus.com/bid/23338
www.securitytracker.com/id?1017897
www.us-cert.gov/cas/techalerts/TA07-100A.html
www.vupen.com/english/advisories/2007/1325
docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-021
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1524
Related
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
6.3 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
21.2%