CVE-2007-1209 - Resource Management Errors vulnerability in Microsoft Windows Vista
Attack vector | LOCAL |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | COMPLETE |
Integrity impact | COMPLETE |
Availability impact | COMPLETE |
Summary
Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort connections, which leaves a "dangling pointer" to a process data structure.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | | 1 |
Common Weakness Enumeration (CWE)
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS07-021.NASL |
description | The remote host is running a version of Windows containing a bug in the CSRSS error message handling routine that could allow an attacker to execute arbitrary code on the remote host by luring a user on the remote host into visiting a rogue website. Additionally, the system is prone to the following types of attack : - Local Privilege Elevation - Denial of Service (Local) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 25024 |
published | 2007-04-10 |
reporter | This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/25024 |
title | MS07-021: Vulnerabilities in CSRSS Could Allow Remote Code Execution (930178) |
code |
Oval
accepted | 2012-11-19T04:00:26.714-05:00 |
class | vulnerability |
contributors |
definition_extensions |
description | Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort connections, which leaves a "dangling pointer" to a process data structure. |
family | windows |
id | oval:org.mitre.oval:def:1524 |
status | accepted |
submitted | 2007-04-10T16:31:02 |
title | CSRSS Local Elevation of Privilege Vulnerability |
version | 74 |
References
- http://research.eeye.com/html/advisories/published/AD20070410b.html
- http://secunia.com/advisories/24823
- http://securityreason.com/securityalert/2531
- http://www.kb.cert.org/vuls/id/219848
- http://www.osvdb.org/34008
- http://www.securityfocus.com/archive/1/465233/100/0/threaded
- http://www.securityfocus.com/archive/1/466331/100/200/threaded
- http://www.securityfocus.com/bid/23338
- http://www.securitytracker.com/id?1017897
- http://www.us-cert.gov/cas/techalerts/TA07-100A.html
- http://www.vupen.com/english/advisories/2007/1325
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-021
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1524