Computer Security
[EN] securityvulns.ru



CVE: CVE-2007-1209
Status: Candidate
Description: Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort connections, which leaves a "dangling pointer" to a process data structure.
Severity: Medium
CVSS score: 5,6
CVSS vector: (AV:L/AC:H/Au:NR/C:C/I:C/A:C/B:N)
Phase: Assigned (02.03.2007)
NVD: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1209
References:
 BID : 23338
 BUGTRAQ : 20070410 EEYE: Windows Vista CSRSS Dangling Process Pointer Privilege Escalation
 CERT-VN : VU#219848
 CERT : TA07-100A
 FRSIRT : ADV-2007-1325
 HP : HPSBST02208
 HP : SSRT071365
 MISC : http://research.eeye.com/html/advisories/published...
 MS : MS07-021
 OSVDB : 34008
 SECTRACK : 1017897
 SECUNIA : 24823
SecurityVulns: Microsoft Windows memory corruption

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod
 


