[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248268

 
 

909

 
 

195051

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2007-1206Date: (C)2007-04-10   (M)2023-12-22


The Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0; 2000 SP4; XP SP2; Server 2003, 2003 SP1, and 2003 SP2; and Windows Vista before June 2006; uses insecure permissions (PAGE_READWRITE) for a physical memory view, which allows local users to gain privileges by modifying the "zero page" during a race condition before the view is unmapped.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.2
Exploit Score: 3.9
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1017898
http://www.securityfocus.com/archive/1/465232/100/0/threaded
BID-23367
SECUNIA-24834
OSVDB-34011
ADV-2007-1326
HPSBST02208
MS07-022
TA07-100A
VU#337953
http://research.eeye.com/html/advisories/published/AD20070410a.html
oval:org.mitre.oval:def:1639

CPE    2
cpe:/o:microsoft:windows_2000::sp4
cpe:/o:microsoft:windows_xp::sp2
CWE    1
CWE-264
OVAL    1
oval:org.mitre.oval:def:1639

© SecPod Technologies