Executive Summary

Informations
Name CVE-2007-1209 First vendor Publication 2007-04-10
Vendor Cve Last vendor Modification 2018-10-16

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 7.2 Attack Range Local
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort connections, which leaves a "dangling pointer" to a process data structure.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1209

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-399 Resource Management Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:1524
 
Oval ID: oval:org.mitre.oval:def:1524
Title: CSRSS Local Elevation of Privilege Vulnerability
Description: Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort connections, which leaves a "dangling pointer" to a process data structure.
Family: windows Class: vulnerability
Reference(s): CVE-2007-1209
 Version: 5
Platform(s): Microsoft Windows Vista
 Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 1

OpenVAS Exploits

Date Description
2011-01-14 Name : Microsoft Windows CSRSS CSRFinalizeContext Local Privilege Escalation Vulnera...
File : nvt/gb_ms07-021.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
34008 Microsoft Windows Vista CSRSS Local Privilege Escalation

Microsoft Windows Vista contains a flaw that may allow a malicious local user to gain access to unauthorized privileges and execute arbitrary code with SYSTEM privileges. The issue is triggered due to incorrect handling of system resources by the Client/Server Run-Time Subsystem (CSRSS) at the starting and stopping of a process. This flaw may lead to a loss of integrity and a complete compromise of the affected system.

Nessus® Vulnerability Scanner

Date Description
2007-04-10 Name : Arbitrary code can be executed on the remote host through the web browser.
File : smb_nt_ms07-021.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/23338
BUGTRAQ http://www.securityfocus.com/archive/1/465233/100/0/threaded
CERT http://www.us-cert.gov/cas/techalerts/TA07-100A.html
CERT-VN http://www.kb.cert.org/vuls/id/219848
HP http://www.securityfocus.com/archive/1/466331/100/200/threaded
MISC http://research.eeye.com/html/advisories/published/AD20070410b.html
MS https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07...
OSVDB http://www.osvdb.org/34008
OVAL https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
SECTRACK http://www.securitytracker.com/id?1017897
SECUNIA http://secunia.com/advisories/24823
SREASON http://securityreason.com/securityalert/2531
VUPEN http://www.vupen.com/english/advisories/2007/1325

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
Date Informations
2021-05-04 12:05:27
  • Multiple Updates
2021-04-22 01:06:00
  • Multiple Updates
2020-05-23 00:19:22
  • Multiple Updates
2018-10-16 21:19:51
  • Multiple Updates
2018-10-13 00:22:36
  • Multiple Updates
2017-10-11 09:23:52
  • Multiple Updates
2016-06-28 16:15:15
  • Multiple Updates
2016-04-26 15:49:30
  • Multiple Updates
2014-02-17 10:39:17
  • Multiple Updates
2013-05-11 10:20:01
  • Multiple Updates