CVE-2007-1206

Severity

72%

Complexity

39%

Confidentiality

165%

The Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0; 2000 SP4; XP SP2; Server 2003, 2003 SP1, and 2003 SP2; and Windows Vista before June 2006; uses insecure permissions (PAGE_READWRITE) for a physical memory view, which allows local users to gain privileges by modifying the "zero page" during a race condition before the view is unmapped.

The Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0; 2000 SP4; XP SP2; Server 2003, 2003 SP1, and 2003 SP2; and Windows Vista before June 2006; uses insecure permissions (PAGE_READWRITE) for a physical memory view, which allows local users to gain privileges by modifying the "zero page" during a race condition before the view is unmapped.

CVSS 2.0 Base Score 7.2. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C).

Overview

Type

Microsoft Windows

First reported 17 years ago

2007-04-10 21:19:00

Last updated 6 years ago

2018-10-16 16:37:00

Affected Software

Microsoft Windows 2000 Service Pack 4

Microsoft Windows XP Service Pack 2

References

http://research.eeye.com/html/advisories/published/AD20070410a.html

24834

Vendor Advisory

1017898

VU#337953

US Government Resource

34011

20070410 EEYE: Windows VDM Zero Page Race Condition Privilege Escalation

HPSBST02208

23367

TA07-100A

US Government Resource

ADV-2007-1326

Vendor Advisory

MS07-022

oval:org.mitre.oval:def:1639

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.