search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

Microsoft Windows Kernel vulnerable to privilege escalation

Vulnerability Note VU#337953

Original Release Date: 2007-04-10 | Last Revised: 2007-04-10

Overview

The Microsoft Windows Kernel contains a privilege escalation vulnerability that may allow a local attacker to take control of the system.

Description

The Microsoft Windows Kernel fails to properly set permissions when mapping to a memory segment. By running a specially crafted application, an attacker may be able to trigger this vulnerability.

For more information, please refer to Microsoft Security Bulletin MS07-022.

Impact

A local, authenticated attacker may be able to execute arbitrary code with elevated privileges.

Solution

Apply an Update
Microsoft was released updates in Microsoft Security Bulletin MS07-022 to address this issue.

Vendor Information

337953
 
Expand all

CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

http://www.microsoft.com/technet/security/bulletin/ms07-022.mspx

Acknowledgements

This vulnerability was reported in Microsoft Security Bulletin MS07-022. Microsoft credits eEye for reporting the vulnerability to them.

This document was written by Katie Steiner.

Other Information

CVE IDs: CVE-2007-1206
Severity Metric: 2.30
Date Public: 2007-04-10
Date First Published: 2007-04-10
Date Last Updated: 2007-04-10 20:08 UTC
Document Revision: 12

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis