NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2007-1209

Summary	Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort connections, which leaves a "dangling pointer" to a process data structure.
Publication Date	April 11, 2007, 6:19 a.m.
Registration Date	Jan. 29, 2021, 2:08 p.m.
Last Update	Oct. 17, 2018, 1:37 a.m.

CVSS2.0 : HIGH
Score	7.2
Vector	AV:L/AC:L/Au:N/C:C/I:C/A:C
攻撃元区分(AV)	ローカル
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高
Get all privileges.	はい
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:o:microsoft:windows_vista::::::::

Related information, measures and tools

No	URL	refsource	タグ
1	http://research.eeye.com/html/advisories/published/AD20070410b.html	MISC
2	http://secunia.com/advisories/24823	SECUNIA
3	http://securityreason.com/securityalert/2531	SREASON
4	http://www.kb.cert.org/vuls/id/219848	CERT-VN	US Government Resource
5	http://www.osvdb.org/34008	OSVDB
6	http://www.securityfocus.com/archive/1/465233/100/0/threaded	BUGTRAQ
7	http://www.securityfocus.com/archive/1/466331/100/200/threaded	HP
8	http://www.securityfocus.com/bid/23338	BID
9	http://www.securitytracker.com/id?1017897	SECTRACK
10	http://www.us-cert.gov/cas/techalerts/TA07-100A.html	CERT	US Government Resource
11	http://www.vupen.com/english/advisories/2007/1325	VUPEN	Vendor Advisory
12	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-021	MS
13	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1524	OVAL

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-399	リソース管理の問題	https://cwe.mitre.org/data/definitions/399.html