7.2
CVE-2007-1209
- EPSS 2.69%
- Veröffentlicht 10.04.2007 21:19:00
- Zuletzt bearbeitet 16.06.2026 22:37:08
- Quelle secure@microsoft.com
- CVE-Watchlists
- Unerledigt
Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort connections, which leaves a "dangling pointer" to a process data structure.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.69% | 0.839 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
http://www.securityfocus.com/archive/1/466331/100/200/threaded
http://www.vupen.com/english/advisories/2007/1325
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-021
http://www.us-cert.gov/cas/techalerts/TA07-100A.html
http://research.eeye.com/html/advisories/published/AD20070410b.html
http://secunia.com/advisories/24823
http://securityreason.com/securityalert/2531
http://www.kb.cert.org/vuls/id/219848
http://www.osvdb.org/34008
http://www.securityfocus.com/archive/1/465233/100/0/threaded
http://www.securityfocus.com/bid/23338
http://www.securitytracker.com/id?1017897
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1524