Vulnerabilities > CVE-2007-0351 - Local Security vulnerability in Microsoft Windows

CVSS 6.2 - MEDIUM

Attack vector

LOCAL

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

high complexity

microsoft

zonelabs

NVD

Published: 2007-01-19

Updated: 2018-10-16

Summary

Microsoft Windows XP and Windows Server 2003 do not properly handle user logoff, which might allow local users to gain the privileges of a previous system user, possibly related to user profile unload failure. NOTE: it is not clear whether this is an issue in Windows itself, or an interaction with another product. The issue might involve ZoneAlarm not being able to terminate processes when it cannot prompt the user.

Vulnerable Configurations

Part	Description	Count
OS	Microsoft Microsoft Windows 2003 Server R2 Microsoft Windows XP *	2
Application	Zonelabs Zonelabs Zonealarm *	1

References

http://www.securityfocus.com/archive/1/457167/100/0/threaded
http://www.securityfocus.com/archive/1/457217/100/0/threaded
http://www.securityfocus.com/archive/1/457340/100/0/threaded
http://www.securityfocus.com/archive/1/457807/100/200/threaded
http://www.securityfocus.com/archive/1/459838/100/0/threaded