cvelistv5 - cve-2007-1209

CVE-2007-1209 (GCVE-0-2007-1209)

Vulnerability from cvelistv5 – Published: 2007-04-10 21:00 – Updated: 2024-08-07 12:50

Summary

Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort connections, which leaves a "dangling pointer" to a process data structure.

Severity ?

No CVSS data available.

CWE

Assigner

microsoft

References

URL

Tags

	http://www.securityfocus.com/archive/1/466331/100…	vendor-advisoryx_refsource_HP
	http://www.securitytracker.com/id?1017897	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/23338	vdb-entryx_refsource_BID
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	http://www.kb.cert.org/vuls/id/219848	third-party-advisoryx_refsource_CERT-VN
	http://www.vupen.com/english/advisories/2007/1325	vdb-entryx_refsource_VUPEN
	http://www.osvdb.org/34008	vdb-entryx_refsource_OSVDB
	http://securityreason.com/securityalert/2531	third-party-advisoryx_refsource_SREASON
	http://secunia.com/advisories/24823	third-party-advisoryx_refsource_SECUNIA
	http://research.eeye.com/html/advisories/publishe…	x_refsource_MISC
	http://www.us-cert.gov/cas/techalerts/TA07-100A.html	third-party-advisoryx_refsource_CERT
	http://www.securityfocus.com/archive/1/465233/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/archive/1/466331/100…	vendor-advisoryx_refsource_HP

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:50:34.744Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "HPSBST02208",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/466331/100/200/threaded"
          },
          {
            "name": "1017897",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1017897"
          },
          {
            "name": "23338",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/23338"
          },
          {
            "name": "oval:org.mitre.oval:def:1524",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1524"
          },
          {
            "name": "MS07-021",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-021"
          },
          {
            "name": "VU#219848",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/219848"
          },
          {
            "name": "ADV-2007-1325",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1325"
          },
          {
            "name": "34008",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/34008"
          },
          {
            "name": "2531",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/2531"
          },
          {
            "name": "24823",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24823"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://research.eeye.com/html/advisories/published/AD20070410b.html"
          },
          {
            "name": "TA07-100A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-100A.html"
          },
          {
            "name": "20070410 EEYE: Windows Vista CSRSS Dangling Process Pointer Privilege Escalation",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/465233/100/0/threaded"
          },
          {
            "name": "SSRT071365",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/466331/100/200/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-04-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort connections, which leaves a \"dangling pointer\" to a process data structure."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "HPSBST02208",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/466331/100/200/threaded"
        },
        {
          "name": "1017897",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1017897"
        },
        {
          "name": "23338",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/23338"
        },
        {
          "name": "oval:org.mitre.oval:def:1524",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1524"
        },
        {
          "name": "MS07-021",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-021"
        },
        {
          "name": "VU#219848",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/219848"
        },
        {
          "name": "ADV-2007-1325",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1325"
        },
        {
          "name": "34008",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/34008"
        },
        {
          "name": "2531",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/2531"
        },
        {
          "name": "24823",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24823"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://research.eeye.com/html/advisories/published/AD20070410b.html"
        },
        {
          "name": "TA07-100A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA07-100A.html"
        },
        {
          "name": "20070410 EEYE: Windows Vista CSRSS Dangling Process Pointer Privilege Escalation",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/465233/100/0/threaded"
        },
        {
          "name": "SSRT071365",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/466331/100/200/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2007-1209",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort connections, which leaves a \"dangling pointer\" to a process data structure."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "HPSBST02208",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/466331/100/200/threaded"
            },
            {
              "name": "1017897",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1017897"
            },
            {
              "name": "23338",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/23338"
            },
            {
              "name": "oval:org.mitre.oval:def:1524",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1524"
            },
            {
              "name": "MS07-021",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-021"
            },
            {
              "name": "VU#219848",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/219848"
            },
            {
              "name": "ADV-2007-1325",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/1325"
            },
            {
              "name": "34008",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/34008"
            },
            {
              "name": "2531",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/2531"
            },
            {
              "name": "24823",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24823"
            },
            {
              "name": "http://research.eeye.com/html/advisories/published/AD20070410b.html",
              "refsource": "MISC",
              "url": "http://research.eeye.com/html/advisories/published/AD20070410b.html"
            },
            {
              "name": "TA07-100A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-100A.html"
            },
            {
              "name": "20070410 EEYE: Windows Vista CSRSS Dangling Process Pointer Privilege Escalation",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/465233/100/0/threaded"
            },
            {
              "name": "SSRT071365",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/466331/100/200/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2007-1209",
    "datePublished": "2007-04-10T21:00:00",
    "dateReserved": "2007-03-02T00:00:00",
    "dateUpdated": "2024-08-07T12:50:34.744Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3852BB02-47A1-40B3-8E32-8D8891A53114\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort connections, which leaves a \\\"dangling pointer\\\" to a process data structure.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de uso de la memoria previamente liberada en el subsistema Run-time cliente/servidor (CSRSS) en Microsoft Windows Vista, no maneja apropiadamente los recursos de conexi\\u00f3n al iniciar y detener procesos, lo que permite a los usuarios locales alcanzar privilegios al abrir y cerrar m\\u00faltiples conexiones de ApiPort, que deja un \\\"dangling pointer\\\" a una estructura de datos de proceso.\"}]",
      "id": "CVE-2007-1209",
      "lastModified": "2024-11-21T00:27:46.440",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.2, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 3.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2007-04-10T21:19:00.000",
      "references": "[{\"url\": \"http://research.eeye.com/html/advisories/published/AD20070410b.html\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://secunia.com/advisories/24823\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://securityreason.com/securityalert/2531\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/219848\", \"source\": \"secure@microsoft.com\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.osvdb.org/34008\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securityfocus.com/archive/1/465233/100/0/threaded\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securityfocus.com/archive/1/466331/100/200/threaded\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securityfocus.com/archive/1/466331/100/200/threaded\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securityfocus.com/bid/23338\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securitytracker.com/id?1017897\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA07-100A.html\", \"source\": \"secure@microsoft.com\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2007/1325\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-021\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1524\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://research.eeye.com/html/advisories/published/AD20070410b.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/24823\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securityreason.com/securityalert/2531\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/219848\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.osvdb.org/34008\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/465233/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/466331/100/200/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/466331/100/200/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/23338\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1017897\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA07-100A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2007/1325\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-021\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1524\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-399\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-1209\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2007-04-10T21:19:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort connections, which leaves a \\\"dangling pointer\\\" to a process data structure.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de uso de la memoria previamente liberada en el subsistema Run-time cliente/servidor (CSRSS) en Microsoft Windows Vista, no maneja apropiadamente los recursos de conexi\u00f3n al iniciar y detener procesos, lo que permite a los usuarios locales alcanzar privilegios al abrir y cerrar m\u00faltiples conexiones de ApiPort, que deja un \\\"dangling pointer\\\" a una estructura de datos de proceso.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-399\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3852BB02-47A1-40B3-8E32-8D8891A53114\"}]}]}],\"references\":[{\"url\":\"http://research.eeye.com/html/advisories/published/AD20070410b.html\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://secunia.com/advisories/24823\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://securityreason.com/securityalert/2531\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.kb.cert.org/vuls/id/219848\",\"source\":\"secure@microsoft.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.osvdb.org/34008\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/465233/100/0/threaded\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/466331/100/200/threaded\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/466331/100/200/threaded\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/bid/23338\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securitytracker.com/id?1017897\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA07-100A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/1325\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-021\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1524\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://research.eeye.com/html/advisories/published/AD20070410b.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/24823\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securityreason.com/securityalert/2531\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/219848\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.osvdb.org/34008\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/465233/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/466331/100/200/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/466331/100/200/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/23338\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1017897\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA07-100A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/1325\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-021\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1524\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2007-AVI-168

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été identifiées dans le processus Client/Server Runtime Subsystem ou CSRSS de Microsoft Windows. L'exploitation de celles-ci permettraient à une personne malveillante de perturber ou prendre le contrôle complet du système vulnérable.

Description

De multiples vulnérabilités ont été identifiées dans le processus Client/Server Runtime Subsystem ou CSRSS de Microsoft Windows. Ce dernier est un élément essentiel du système d'exploitation, qui permet entre autres de gérer les fenêtres et des éléments graphiques de Windows.

csrss.exe ne manipulerait pas correctement certains messages d'erreurs via ses fenêtres MsgBox. Une personne malveillante pourrait donc forcer l'affichage de tels messages particuliers (visite d'une page Web, ou lancement d'une application) afin de prendre le contrôle du système vulnérable ;
csrss.exe ne convertirait pas correctement certaines ressources système, ce qui pourrait également être exploité pour prendre le contrôle d'un système ;

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Microsoft Windows XP Professional x64 Edition (Service Pack 2 compris).
Microsoft	Windows	Microsoft Windows Server 2003 x64 Edition (Service Pack 2 inclus) ;
Microsoft	Windows	Microsoft Windows XP Service Pack 2 ;
Microsoft	Windows	Microsoft Windows Server 2003 pour les systèmes Itanium (Service Pack 1 et Service Pack 2 inclus) ;
Microsoft	Windows	Windows Vista x64 Edition.
Microsoft	Windows	Microsoft Windows Server 2003 (Service Pack 1 et Service Pack 2 inclus) ;
Microsoft	Windows	Windows Vista ;
Microsoft	Windows	Microsoft Windows 2000 Service Pack 4 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS07-021 du 10 avril 2007	None	vendor-advisory
Bulletin de sécurité eEye AD20070410b du 10 avril 2007 :	-	other
Bulletin de sécurité Microsoft MS07-021 du 11 avril 2007 :	-	other
Bulletin de sécurité Microsoft MS07-021 du 11 avril 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Windows XP Professional x64 Edition (Service Pack 2 compris).",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2003 x64 Edition (Service Pack 2 inclus) ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows XP Service Pack 2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2003 pour les syst\u00e8mes Itanium (Service Pack 1 et Service Pack 2 inclus) ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Vista x64 Edition.",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2003 (Service Pack 1 et Service Pack 2 inclus) ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Vista ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows 2000 Service Pack 4 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le processus\nClient/Server Runtime Subsystem ou CSRSS de Microsoft Windows. Ce\ndernier est un \u00e9l\u00e9ment essentiel du syst\u00e8me d\u0027exploitation, qui permet\nentre autres de g\u00e9rer les fen\u00eatres et des \u00e9l\u00e9ments graphiques de\nWindows.\n\n-   csrss.exe ne manipulerait pas correctement certains messages\n    d\u0027erreurs via ses fen\u00eatres MsgBox. Une personne malveillante\n    pourrait donc forcer l\u0027affichage de tels messages particuliers\n    (visite d\u0027une page Web, ou lancement d\u0027une application) afin de\n    prendre le contr\u00f4le du syst\u00e8me vuln\u00e9rable ;\n-   csrss.exe ne convertirait pas correctement certaines ressources\n    syst\u00e8me, ce qui pourrait \u00e9galement \u00eatre exploit\u00e9 pour prendre le\n    contr\u00f4le d\u0027un syst\u00e8me ;\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-1209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1209"
    },
    {
      "name": "CVE-2006-6696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-6696"
    },
    {
      "name": "CVE-2006-6797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-6797"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 eEye AD20070410b du 10 avril 2007 :",
      "url": "http://www.eeye.com/html/research/advisories/published/AD20070410b.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-021 du 11 avril 2007 :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS07-021.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-021 du 11 avril 2007 :",
      "url": "http://www.microsoft.com/france/technet/security/bulletin/MS07-021.mspx"
    }
  ],
  "reference": "CERTA-2007-AVI-168",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-04-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le processus \u003cspan\nclass=\"textit\"\u003eClient/Server Runtime Subsystem\u003c/span\u003e ou CSRSS de\nMicrosoft Windows. L\u0027exploitation de celles-ci permettraient \u00e0 une\npersonne malveillante de perturber ou prendre le contr\u00f4le complet du\nsyst\u00e8me vuln\u00e9rable.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s de CSRSS dans Microsoft Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-021 du 10 avril 2007",
      "url": null
    }
  ]
}

CERTA-2007-AVI-168

Vulnerability from certfr_avis - Published: - Updated:

Description

csrss.exe ne manipulerait pas correctement certains messages d'erreurs via ses fenêtres MsgBox. Une personne malveillante pourrait donc forcer l'affichage de tels messages particuliers (visite d'une page Web, ou lancement d'une application) afin de prendre le contrôle du système vulnérable ;
csrss.exe ne convertirait pas correctement certaines ressources système, ce qui pourrait également être exploité pour prendre le contrôle d'un système ;

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Microsoft Windows XP Professional x64 Edition (Service Pack 2 compris).
Microsoft	Windows	Microsoft Windows Server 2003 x64 Edition (Service Pack 2 inclus) ;
Microsoft	Windows	Microsoft Windows XP Service Pack 2 ;
Microsoft	Windows	Microsoft Windows Server 2003 pour les systèmes Itanium (Service Pack 1 et Service Pack 2 inclus) ;
Microsoft	Windows	Windows Vista x64 Edition.
Microsoft	Windows	Microsoft Windows Server 2003 (Service Pack 1 et Service Pack 2 inclus) ;
Microsoft	Windows	Windows Vista ;
Microsoft	Windows	Microsoft Windows 2000 Service Pack 4 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS07-021 du 10 avril 2007	None	vendor-advisory
Bulletin de sécurité eEye AD20070410b du 10 avril 2007 :	-	other
Bulletin de sécurité Microsoft MS07-021 du 11 avril 2007 :	-	other
Bulletin de sécurité Microsoft MS07-021 du 11 avril 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Windows XP Professional x64 Edition (Service Pack 2 compris).",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2003 x64 Edition (Service Pack 2 inclus) ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows XP Service Pack 2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2003 pour les syst\u00e8mes Itanium (Service Pack 1 et Service Pack 2 inclus) ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Vista x64 Edition.",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2003 (Service Pack 1 et Service Pack 2 inclus) ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Vista ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows 2000 Service Pack 4 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le processus\nClient/Server Runtime Subsystem ou CSRSS de Microsoft Windows. Ce\ndernier est un \u00e9l\u00e9ment essentiel du syst\u00e8me d\u0027exploitation, qui permet\nentre autres de g\u00e9rer les fen\u00eatres et des \u00e9l\u00e9ments graphiques de\nWindows.\n\n-   csrss.exe ne manipulerait pas correctement certains messages\n    d\u0027erreurs via ses fen\u00eatres MsgBox. Une personne malveillante\n    pourrait donc forcer l\u0027affichage de tels messages particuliers\n    (visite d\u0027une page Web, ou lancement d\u0027une application) afin de\n    prendre le contr\u00f4le du syst\u00e8me vuln\u00e9rable ;\n-   csrss.exe ne convertirait pas correctement certaines ressources\n    syst\u00e8me, ce qui pourrait \u00e9galement \u00eatre exploit\u00e9 pour prendre le\n    contr\u00f4le d\u0027un syst\u00e8me ;\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-1209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1209"
    },
    {
      "name": "CVE-2006-6696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-6696"
    },
    {
      "name": "CVE-2006-6797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-6797"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 eEye AD20070410b du 10 avril 2007 :",
      "url": "http://www.eeye.com/html/research/advisories/published/AD20070410b.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-021 du 11 avril 2007 :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS07-021.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-021 du 11 avril 2007 :",
      "url": "http://www.microsoft.com/france/technet/security/bulletin/MS07-021.mspx"
    }
  ],
  "reference": "CERTA-2007-AVI-168",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-04-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le processus \u003cspan\nclass=\"textit\"\u003eClient/Server Runtime Subsystem\u003c/span\u003e ou CSRSS de\nMicrosoft Windows. L\u0027exploitation de celles-ci permettraient \u00e0 une\npersonne malveillante de perturber ou prendre le contr\u00f4le complet du\nsyst\u00e8me vuln\u00e9rable.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s de CSRSS dans Microsoft Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-021 du 10 avril 2007",
      "url": null
    }
  ]
}

GHSA-PF7M-RHV2-RHJ9

Vulnerability from github – Published: 2022-05-01 17:51 – Updated: 2022-05-01 17:51

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-1209"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-04-10T21:19:00Z",
    "severity": "HIGH"
  },
  "details": "Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort connections, which leaves a \"dangling pointer\" to a process data structure.",
  "id": "GHSA-pf7m-rhv2-rhj9",
  "modified": "2022-05-01T17:51:22Z",
  "published": "2022-05-01T17:51:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1209"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-021"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1524"
    },
    {
      "type": "WEB",
      "url": "http://research.eeye.com/html/advisories/published/AD20070410b.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/24823"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/2531"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/219848"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/34008"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/465233/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/466331/100/200/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/23338"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1017897"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-100A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/1325"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2007-1209

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-1209

Aliases

CVE-2007-1209

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-1209",
    "description": "Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort connections, which leaves a \"dangling pointer\" to a process data structure.",
    "id": "GSD-2007-1209"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-1209"
      ],
      "details": "Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort connections, which leaves a \"dangling pointer\" to a process data structure.",
      "id": "GSD-2007-1209",
      "modified": "2023-12-13T01:21:40.017428Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2007-1209",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort connections, which leaves a \"dangling pointer\" to a process data structure."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "HPSBST02208",
            "refsource": "HP",
            "url": "http://www.securityfocus.com/archive/1/466331/100/200/threaded"
          },
          {
            "name": "1017897",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1017897"
          },
          {
            "name": "23338",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/23338"
          },
          {
            "name": "oval:org.mitre.oval:def:1524",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1524"
          },
          {
            "name": "MS07-021",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-021"
          },
          {
            "name": "VU#219848",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/219848"
          },
          {
            "name": "ADV-2007-1325",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/1325"
          },
          {
            "name": "34008",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/34008"
          },
          {
            "name": "2531",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/2531"
          },
          {
            "name": "24823",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/24823"
          },
          {
            "name": "http://research.eeye.com/html/advisories/published/AD20070410b.html",
            "refsource": "MISC",
            "url": "http://research.eeye.com/html/advisories/published/AD20070410b.html"
          },
          {
            "name": "TA07-100A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-100A.html"
          },
          {
            "name": "20070410 EEYE: Windows Vista CSRSS Dangling Process Pointer Privilege Escalation",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/465233/100/0/threaded"
          },
          {
            "name": "SSRT071365",
            "refsource": "HP",
            "url": "http://www.securityfocus.com/archive/1/466331/100/200/threaded"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2007-1209"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort connections, which leaves a \"dangling pointer\" to a process data structure."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-399"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://research.eeye.com/html/advisories/published/AD20070410b.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://research.eeye.com/html/advisories/published/AD20070410b.html"
            },
            {
              "name": "23338",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/23338"
            },
            {
              "name": "1017897",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1017897"
            },
            {
              "name": "34008",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/34008"
            },
            {
              "name": "TA07-100A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-100A.html"
            },
            {
              "name": "VU#219848",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/219848"
            },
            {
              "name": "24823",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/24823"
            },
            {
              "name": "2531",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/2531"
            },
            {
              "name": "ADV-2007-1325",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1325"
            },
            {
              "name": "oval:org.mitre.oval:def:1524",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1524"
            },
            {
              "name": "MS07-021",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-021"
            },
            {
              "name": "HPSBST02208",
              "refsource": "HP",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/466331/100/200/threaded"
            },
            {
              "name": "20070410 EEYE: Windows Vista CSRSS Dangling Process Pointer Privilege Escalation",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/465233/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-16T16:37Z",
      "publishedDate": "2007-04-10T21:19Z"
    }
  }
}

FKIE_CVE-2007-1209

Vulnerability from fkie_nvd - Published: 2007-04-10 21:19 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://research.eeye.com/html/advisories/published/AD20070410b.html
secure@microsoft.com	http://secunia.com/advisories/24823
secure@microsoft.com	http://securityreason.com/securityalert/2531
secure@microsoft.com	http://www.kb.cert.org/vuls/id/219848	US Government Resource
secure@microsoft.com	http://www.osvdb.org/34008
secure@microsoft.com	http://www.securityfocus.com/archive/1/465233/100/0/threaded
secure@microsoft.com	http://www.securityfocus.com/archive/1/466331/100/200/threaded
secure@microsoft.com	http://www.securityfocus.com/bid/23338
secure@microsoft.com	http://www.securitytracker.com/id?1017897
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA07-100A.html	US Government Resource
secure@microsoft.com	http://www.vupen.com/english/advisories/2007/1325	Vendor Advisory
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-021
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1524
af854a3a-2127-422b-91ae-364da2661108	http://research.eeye.com/html/advisories/published/AD20070410b.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/24823
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/2531
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/219848	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/34008
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/465233/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/466331/100/200/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/23338
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1017897
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA07-100A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/1325	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-021
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1524

Impacted products

	Vendor	Product	Version
	microsoft	windows_vista	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort connections, which leaves a \"dangling pointer\" to a process data structure."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de uso de la memoria previamente liberada en el subsistema Run-time cliente/servidor (CSRSS) en Microsoft Windows Vista, no maneja apropiadamente los recursos de conexi\u00f3n al iniciar y detener procesos, lo que permite a los usuarios locales alcanzar privilegios al abrir y cerrar m\u00faltiples conexiones de ApiPort, que deja un \"dangling pointer\" a una estructura de datos de proceso."
    }
  ],
  "id": "CVE-2007-1209",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-04-10T21:19:00.000",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://research.eeye.com/html/advisories/published/AD20070410b.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://secunia.com/advisories/24823"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://securityreason.com/securityalert/2531"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/219848"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.osvdb.org/34008"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/465233/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/466331/100/200/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/23338"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1017897"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-100A.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/1325"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-021"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1524"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://research.eeye.com/html/advisories/published/AD20070410b.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24823"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/2531"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/219848"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/34008"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/465233/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/466331/100/200/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/23338"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1017897"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-100A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/1325"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-021"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1524"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-1209 (GCVE-0-2007-1209)

CERTA-2007-AVI-168

Description

Solution

CERTA-2007-AVI-168

Description

Solution

GHSA-PF7M-RHV2-RHJ9

GSD-2007-1209

FKIE_CVE-2007-1209

Tags

Sightings

Nomenclature