CVE-2007-1209

high

Description

Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort connections, which leaves a "dangling pointer" to a process data structure.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1524

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-021

http://www.vupen.com/english/advisories/2007/1325

http://www.us-cert.gov/cas/techalerts/TA07-100A.html

http://www.securitytracker.com/id?1017897

http://www.securityfocus.com/bid/23338

http://www.securityfocus.com/archive/1/466331/100/200/threaded

http://www.securityfocus.com/archive/1/465233/100/0/threaded

http://www.osvdb.org/34008

http://www.kb.cert.org/vuls/id/219848

http://securityreason.com/securityalert/2531

http://secunia.com/advisories/24823

http://research.eeye.com/html/advisories/published/AD20070410b.html

Details

Source: Mitre, NVD

Published: 2007-04-10

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High