Executive Summary

Summary
Title Microsoft Windows Vista privilege escalation vulnerability
Informations
Name VU#601073 First vendor Publication 2007-12-11
Vendor VU-CERT Last vendor Modification 2007-12-11
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 7.2 Attack Range Local
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#601073

Microsoft Windows Vista privilege escalation vulnerability

Overview

Microsoft Windows Vista contains a local privilege escalation vulnerability.

I. Description

The Windows Advanced Local Procedure Call (ALPC) does not properly evaluate certain conditions in legacy reply paths.

Per Microsoft Security Bulletin MS07-066:

    An elevation of privilege vulnerability exists in the way that the Windows kernel processes certain access requests. This vulnerability could allow an attacker to run code and to take complete control of the system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Note that this vulnerability is present in the 32 and 64-bit versions of Windows Vista.

II. Impact

A local attacker may be able to gain elevated privileges.

III. Solution

Update

Microsoft has released an update to address this issue. Administrators and users should see Microsoft Security Bulletin MS07-066 for information about obtaining fixed software.

Systems Affected

VendorStatusDate Updated
Microsoft CorporationVulnerable11-Dec-2007

References


http://www.microsoft.com/technet/security/bulletin/ms07-066.mspx

Credit

Microsoft credits Thomas Garnier of SkyRecon for reporting this vulnerability.

This document was written by Ryan Giobbi.

Other Information

Date Public12/11/2007
Date First Published12/11/2007 04:25:50 PM
Date Last Updated12/11/2007
CERT Advisory 
CVE NameCVE-2007-5350
Metric6.35
Document Revision5

Original Source

Url : http://www.kb.cert.org/vuls/id/601073

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-264 Permissions, Privileges, and Access Controls

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:3912
 
Oval ID: oval:org.mitre.oval:def:3912
Title: Vulnerability in Windows Kernel Could Allow Elevation of Privilege
Description: Unspecified vulnerability in the Windows Advanced Local Procedure Call (ALPC) in the kernel in Microsoft Windows Vista allows local users to gain privileges via unspecified vectors involving "legacy reply paths."
Family: windows Class: vulnerability
Reference(s): CVE-2007-5350
 Version: 3
Platform(s): Microsoft Windows Vista
 Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 2

OpenVAS Exploits

Date Description
2011-01-14 Name : Vulnerability in Windows Kernel Could Allow Elevation of Privilege (943078)
File : nvt/gb_ms07-066.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
39124 Microsoft Windows Vista Kernel Legacy Reply Path Validation Local Privilege E...

Windows Vista contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered by an unspecified in Windows Advanced Local Procedure Call (ALPC). This flaw may lead to a loss of integrity.

Nessus® Vulnerability Scanner

Date Description
2007-12-11 Name : A local user can elevate privileges on the remote host.
File : smb_nt_ms07-066.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2015-05-08 13:28:06
  • Multiple Updates
2013-05-11 12:26:40
  • Multiple Updates