QwikSec

Security Database

CVE

CWE

Training

CVE-2007-1209

Published: Apr 10, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort connections, which leaves a "dangling pointer" to a process data structure.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_HP

vdb-entry

x_refsource_SECTRACK

vdb-entry

x_refsource_BID

oval:org.mitre.oval:def:1524

vdb-entry

signature

x_refsource_OVAL

vendor-advisory

x_refsource_MS

third-party-advisory

x_refsource_CERT-VN

vdb-entry

x_refsource_VUPEN

vdb-entry

x_refsource_OSVDB

third-party-advisory

x_refsource_SREASON

third-party-advisory

x_refsource_SECUNIA

http://research.eeye.com/html/advisories/published/AD20070410b.html

x_refsource_MISC

third-party-advisory

x_refsource_CERT

20070410 EEYE: Windows Vista CSRSS Dangling Process Pointer Privilege Escalation

mailing-list

x_refsource_BUGTRAQ

vendor-advisory

x_refsource_HP

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.