Lucene search

[email protected]NVD:CVE-2007-4315

HistoryAug 13, 2007 - 9:17 p.m.

CVE-2007-4315

2007-08-1321:17:00

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.7

Confidence

Low

EPSS

Percentile

5.1%

JSON

The AMD ATI atidsmxx.sys 3.0.502.0 driver on Windows Vista allows local users to bypass the driver signing policy, write to arbitrary kernel memory locations, and thereby gain privileges via unspecified vectors, as demonstrated by “Purple Pill”.

Affected configurations

Nvd

Node

amdcatalyst_driver

aticatalyst_driver

AND

microsoftwindows_vista

VendorProductVersionCPE
amdcatalyst_driver*cpe:2.3:a:amd:catalyst_driver:*:*:*:*:*:*:*:*
aticatalyst_driver*cpe:2.3:a:ati:catalyst_driver:*:*:*:*:*:*:*:*
microsoftwindows_vista*cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
amd	catalyst_driver	*	cpe:2.3:a:amd:catalyst_driver::::::::
ati	catalyst_driver	*	cpe:2.3:a:ati:catalyst_driver::::::::
microsoft	windows_vista	*	cpe:2.3:o:microsoft:windows_vista::::::::

References

blogs.zdnet.com/security/?p=427

blogs.zdnet.com/security/?p=438

secunia.com/advisories/26448

www.securityfocus.com/bid/25265

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.7

Confidence

Low

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2007-4315

nessus1 cve1 cvelist1 prion1