4.6

CVE-2007-0843

Exploit

EPSS 0.39%
Veröffentlicht 23.02.2007 02:28:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 14

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Windows 2000

Microsoft ≫ Windows 2003 Server

Microsoft ≫ Windows Vista Updatebeta1

Microsoft ≫ Windows Xp Editionhome

Microsoft ≫ Windows Xp Updategold

Microsoft ≫ Windows Xp Updatesp1 Edition64-bit_2003

Microsoft ≫ Windows Xp Updatesp1 Editionembedded

Microsoft ≫ Windows Xp Updatesp1 Editionhome

Microsoft ≫ Windows Xp Updatesp1 Editionmedia_center

Microsoft ≫ Windows Xp Updatesp1 Editionprofessional

Microsoft ≫ Windows Xp Updatesp1 Editiontablet_pc

Microsoft ≫ Windows Xp Updatesp2 Editionhome

Microsoft ≫ Windows Xp Updatesp2 Editionmedia_center

Microsoft ≫ Windows Xp Updatesp2 Editionprofessional

Microsoft ≫ Windows Xp Updatesp2 Editiontablet_pc

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.39%	0.593

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P

http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052613.html

http://osvdb.org/33474

http://packetstormsecurity.com/files/163755/Microsoft-Windows-Malicious-Software-Removal-Tool-Privilege-Escalation.html

http://secunia.com/advisories/24245

Vendor Advisory

http://securityreason.com/securityalert/2282

http://securityvulns.com/advisories/readdirectorychanges.asp

Vendor Advisory

http://www.securityfocus.com/archive/1/460887/100/0/threaded

http://www.securityfocus.com/archive/1/460899/100/0/threaded

http://www.securityfocus.com/bid/22664

Exploit

http://www.vupen.com/english/advisories/2007/0701

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/32644

https://nvd.nist.gov/vuln/detail/CVE-2007-0843

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-0843

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-0843

EUVD