Back to search
CVE-2007-1206
Published: Apr 10, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
The Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0; 2000 SP4; XP SP2; Server 2003, 2003 SP1, and 2003 SP2; and Windows Vista before June 2006; uses insecure permissions (PAGE_READWRITE) for a physical memory view, which allows local users to gain privileges by modifying the "zero page" during a race condition before the view is unmapped.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
HPSBST02208
vendor-advisory
x_refsource_HP
23367
vdb-entry
x_refsource_BID
34011
vdb-entry
x_refsource_OSVDB
oval:org.mitre.oval:def:1639
vdb-entry
signature
x_refsource_OVAL
MS07-022
vendor-advisory
x_refsource_MS
VU#337953
third-party-advisory
x_refsource_CERT-VN
ADV-2007-1326
vdb-entry
x_refsource_VUPEN
20070410 EEYE: Windows VDM Zero Page Race Condition Privilege Escalation
mailing-list
x_refsource_BUGTRAQ
24834
third-party-advisory
x_refsource_SECUNIA
1017898
vdb-entry
x_refsource_SECTRACK
TA07-100A
third-party-advisory
x_refsource_CERT
SSRT071365
vendor-advisory
x_refsource_HP
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now