Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2007-1209 | First vendor Publication | 2007-04-10 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 7.2 | Attack Range | Local |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 3.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort connections, which leaves a "dangling pointer" to a process data structure. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1209 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-399 | Resource Management Errors |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:1524 | |||
| Oval ID: | oval:org.mitre.oval:def:1524 | ||
| Title: | CSRSS Local Elevation of Privilege Vulnerability | ||
| Description: | Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort connections, which leaves a "dangling pointer" to a process data structure. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2007-1209 | Version: | 5 |
| Platform(s): | Microsoft Windows Vista | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Os | 1 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2011-01-14 | Name : Microsoft Windows CSRSS CSRFinalizeContext Local Privilege Escalation Vulnera... File : nvt/gb_ms07-021.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 34008 | Microsoft Windows Vista CSRSS Local Privilege Escalation Microsoft Windows Vista contains a flaw that may allow a malicious local user to gain access to unauthorized privileges and execute arbitrary code with SYSTEM privileges. The issue is triggered due to incorrect handling of system resources by the Client/Server Run-Time Subsystem (CSRSS) at the starting and stopping of a process. This flaw may lead to a loss of integrity and a complete compromise of the affected system. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2007-04-10 | Name : Arbitrary code can be executed on the remote host through the web browser. File : smb_nt_ms07-021.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:17:45 |
|
| 2024-11-28 12:11:40 |
|
| 2021-05-04 12:05:27 |
|
| 2021-04-22 01:06:00 |
|
| 2020-05-23 00:19:22 |
|
| 2018-10-16 21:19:51 |
|
| 2018-10-13 00:22:36 |
|
| 2017-10-11 09:23:52 |
|
| 2016-06-28 16:15:15 |
|
| 2016-04-26 15:49:30 |
|
| 2014-02-17 10:39:17 |
|
| 2013-05-11 10:20:01 |
|
