CVE-2007-1209 - OpenCVE

Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort connections, which leaves a "dangling pointer" to a process data structure.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Windows Vista

Configuration 1 [-]

cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://research.eeye.com/html/advisories/published/AD20070410b.html
http://secunia.com/advisories/24823
http://securityreason.com/securityalert/2531
http://www.kb.cert.org/vuls/id/219848
http://www.osvdb.org/34008
http://www.securityfocus.com/archive/1/465233/100/0/threaded
http://www.securityfocus.com/archive/1/466331/100/200/threaded
http://www.securityfocus.com/bid/23338
http://www.securitytracker.com/id?1017897
http://www.us-cert.gov/cas/techalerts/TA07-100A.html
http://www.vupen.com/english/advisories/2007/1325
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-021
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1524

History

No history.

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2007-04-10T21:00:00

Updated: 2024-08-07T12:50:34.744Z

Reserved: 2007-03-02T00:00:00

Link: CVE-2007-1209

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-04-10T21:19:00.000

Modified: 2018-10-16T16:37:07.423

Link: CVE-2007-1209

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-04-10T00:00:00", "descriptions": [{"lang": "en", "value": "Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort connections, which leaves a \"dangling pointer\" to a process data structure."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "HPSBST02208", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://www.securityfocus.com/archive/1/466331/100/200/threaded"}, {"name": "1017897", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1017897"}, {"name": "23338", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/23338"}, {"name": "oval:org.mitre.oval:def:1524", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1524"}, {"name": "MS07-021", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-021"}, {"name": "VU#219848", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/219848"}, {"name": "ADV-2007-1325", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/1325"}, {"name": "34008", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/34008"}, {"name": "2531", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2531"}, {"name": "24823", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24823"}, {"tags": ["x_refsource_MISC"], "url": "http://research.eeye.com/html/advisories/published/AD20070410b.html"}, {"name": "TA07-100A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-100A.html"}, {"name": "20070410 EEYE: Windows Vista CSRSS Dangling Process Pointer Privilege Escalation", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/465233/100/0/threaded"}, {"name": "SSRT071365", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://www.securityfocus.com/archive/1/466331/100/200/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2007-1209", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort connections, which leaves a \"dangling pointer\" to a process data structure."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "HPSBST02208", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/466331/100/200/threaded"}, {"name": "1017897", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1017897"}, {"name": "23338", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23338"}, {"name": "oval:org.mitre.oval:def:1524", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1524"}, {"name": "MS07-021", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-021"}, {"name": "VU#219848", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/219848"}, {"name": "ADV-2007-1325", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1325"}, {"name": "34008", "refsource": "OSVDB", "url": "http://www.osvdb.org/34008"}, {"name": "2531", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2531"}, {"name": "24823", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24823"}, {"name": "http://research.eeye.com/html/advisories/published/AD20070410b.html", "refsource": "MISC", "url": "http://research.eeye.com/html/advisories/published/AD20070410b.html"}, {"name": "TA07-100A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA07-100A.html"}, {"name": "20070410 EEYE: Windows Vista CSRSS Dangling Process Pointer Privilege Escalation", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/465233/100/0/threaded"}, {"name": "SSRT071365", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/466331/100/200/threaded"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T12:50:34.744Z"}, "title": "CVE Program Container", "references": [{"name": "HPSBST02208", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/466331/100/200/threaded"}, {"name": "1017897", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1017897"}, {"name": "23338", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/23338"}, {"name": "oval:org.mitre.oval:def:1524", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1524"}, {"name": "MS07-021", "tags": ["vendor-advisory", "x_refsource_MS", "x_transferred"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-021"}, {"name": "VU#219848", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/219848"}, {"name": "ADV-2007-1325", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/1325"}, {"name": "34008", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/34008"}, {"name": "2531", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/2531"}, {"name": "24823", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24823"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://research.eeye.com/html/advisories/published/AD20070410b.html"}, {"name": "TA07-100A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-100A.html"}, {"name": "20070410 EEYE: Windows Vista CSRSS Dangling Process Pointer Privilege Escalation", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/465233/100/0/threaded"}, {"name": "SSRT071365", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/466331/100/200/threaded"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2007-1209", "datePublished": "2007-04-10T21:00:00", "dateReserved": "2007-03-02T00:00:00", "dateUpdated": "2024-08-07T12:50:34.744Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*", "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort connections, which leaves a \"dangling pointer\" to a process data structure."}, {"lang": "es", "value": "Una vulnerabilidad de uso de la memoria previamente liberada en el subsistema Run-time cliente/servidor (CSRSS) en Microsoft Windows Vista, no maneja apropiadamente los recursos de conexi\u00f3n al iniciar y detener procesos, lo que permite a los usuarios locales alcanzar privilegios al abrir y cerrar m\u00faltiples conexiones de ApiPort, que deja un \"dangling pointer\" a una estructura de datos de proceso."}], "id": "CVE-2007-1209", "lastModified": "2018-10-16T16:37:07.423", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-04-10T21:19:00.000", "references": [{"source": "secure@microsoft.com", "url": "http://research.eeye.com/html/advisories/published/AD20070410b.html"}, {"source": "secure@microsoft.com", "url": "http://secunia.com/advisories/24823"}, {"source": "secure@microsoft.com", "url": "http://securityreason.com/securityalert/2531"}, {"source": "secure@microsoft.com", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/219848"}, {"source": "secure@microsoft.com", "url": "http://www.osvdb.org/34008"}, {"source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/465233/100/0/threaded"}, {"source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/466331/100/200/threaded"}, {"source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/23338"}, {"source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id?1017897"}, {"source": "secure@microsoft.com", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-100A.html"}, {"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/1325"}, {"source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-021"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1524"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}