CVE-2007-1209 - компьютерная безопасность: уязвимости и эксплоиты

[RU] switch to
English Version

CVE CVE-2007-1209
Статус Candidate
Описание Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort connections, which leaves a "dangling pointer" to a process data structure.
Важность Medium
CVSS score 5,6
CVSS vector (AV:L/AC:H/Au:NR/C:C/I:C/A:C/B:N)
Phase Assigned (02.03.2007)
NVD: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1209
References BID : 23338
BUGTRAQ : 20070410 EEYE: Windows Vista CSRSS Dangling Process Pointer Privilege Escalation
CERT-VN : VU#219848
CERT : TA07-100A
FRSIRT : ADV-2007-1325
HP : HPSBST02208
HP : SSRT071365
MISC : http://research.eeye.com/html/advisories/published...
MS : MS07-021
OSVDB : 34008
SECTRACK : 1017897
SECUNIA : 24823
SecurityVulns: Повреждение памяти в Microsoft Windows (memory corruption)

test server