[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247862

 
 

909

 
 

194603

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2007-0843Date: (C)2007-02-22   (M)2023-12-22


The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.6
Exploit Score: 3.9
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
http://www.securityfocus.com/archive/1/460899/100/0/threaded
http://www.securityfocus.com/archive/1/460887/100/0/threaded
BID-22664
SREASON-2282
SECUNIA-24245
OSVDB-33474
ADV-2007-0701
http://securityvulns.com/advisories/readdirectorychanges.asp
win-readdirectory-information-disclosure(32644)

CPE    11
cpe:/o:microsoft:windows_xp::sp1:tablet_pc
cpe:/o:microsoft:windows_xp::sp1:media_center
cpe:/o:microsoft:windows_vista::beta1
cpe:/o:microsoft:windows_xp::sp2:media_center
...
CWE    1
CWE-264

© SecPod Technologies