[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247768

 
 

909

 
 

194555

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2007-1209Date: (C)2007-04-10   (M)2023-12-22


Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort connections, which leaves a "dangling pointer" to a process data structure.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.2
Exploit Score: 3.9
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1017897
http://www.securityfocus.com/archive/1/465233/100/0/threaded
BID-23338
SECUNIA-24823
SREASON-2531
OSVDB-34008
ADV-2007-1325
HPSBST02208
MS07-021
TA07-100A
VU#219848
http://research.eeye.com/html/advisories/published/AD20070410b.html
oval:org.mitre.oval:def:1524

CPE    1
cpe:/o:microsoft:windows_vista
CWE    1
CWE-399
OVAL    1
oval:org.mitre.oval:def:1524

© SecPod Technologies