Vulnerabilities > CVE-2007-0211 - Privilege Escalation vulnerability in Microsoft Windows 2003 Server and Windows XP
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
The hardware detection functionality in the Windows Shell in Microsoft Windows XP SP2 and Professional, and Server 2003 SP1 allows local users to gain privileges via an unvalidated parameter to a function related to the "detection and registration of new hardware."
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 3 |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS07-006.NASL |
description | The remote version of Windows contains a version of the Windows Shell that contains a vulnerability in the way it performs detection and registration of new hardware. An authenticated user may exploit this vulnerability to elevate his privileges. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 24330 |
published | 2007-02-13 |
reporter | This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/24330 |
title | MS07-006: Vulnerability in Windows Shell Could Allow Elevation of Privilege (928255) |
code |
|
Oval
accepted | 2011-05-09T04:01:27.636-04:00 | ||||||||||||||||
class | vulnerability | ||||||||||||||||
contributors |
| ||||||||||||||||
definition_extensions |
| ||||||||||||||||
description | The hardware detection functionality in the Windows Shell in Microsoft Windows XP SP2 and Professional, and Server 2003 SP1 allows local users to gain privileges via an unvalidated parameter to a function related to the "detection and registration of new hardware." | ||||||||||||||||
family | windows | ||||||||||||||||
id | oval:org.mitre.oval:def:224 | ||||||||||||||||
status | accepted | ||||||||||||||||
submitted | 2007-02-13T14:38:21 | ||||||||||||||||
title | Vulnerability in Windows Shell Could Allow Elevation of Privilege | ||||||||||||||||
version | 71 |
References
- http://secunia.com/advisories/24126
- http://www.kb.cert.org/vuls/id/240796
- http://www.osvdb.org/31890
- http://www.securityfocus.com/bid/22481
- http://www.securitytracker.com/id?1017633
- http://www.us-cert.gov/cas/techalerts/TA07-044A.html
- http://www.vupen.com/english/advisories/2007/0575
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-006
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A224