CVE-2007-0843

The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information.

CVSS v2.0 4.6 MEDIUM

4.6^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052613.html
http://osvdb.org/33474
http://packetstormsecurity.com/files/163755/Microsoft-Windows-Malicious-Software-Removal-Tool-Privilege-Escalation.html
http://secunia.com/advisories/24245	Vendor Advisory
http://securityreason.com/securityalert/2282
http://securityvulns.com/advisories/readdirectorychanges.asp	Vendor Advisory
http://www.securityfocus.com/archive/1/460887/100/0/threaded
http://www.securityfocus.com/archive/1/460899/100/0/threaded
http://www.securityfocus.com/bid/22664	Exploit
http://www.vupen.com/english/advisories/2007/0701	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/32644
http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052613.html
http://osvdb.org/33474
http://packetstormsecurity.com/files/163755/Microsoft-Windows-Malicious-Software-Removal-Tool-Privilege-Escalation.html
http://secunia.com/advisories/24245	Vendor Advisory
http://securityreason.com/securityalert/2282
http://securityvulns.com/advisories/readdirectorychanges.asp	Vendor Advisory
http://www.securityfocus.com/archive/1/460887/100/0/threaded
http://www.securityfocus.com/archive/1/460899/100/0/threaded
http://www.securityfocus.com/bid/22664	Exploit
http://www.vupen.com/english/advisories/2007/0701	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/32644

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:microsoft:windows_2000::::::::
	cpe:2.3:o:microsoft:windows_2003_server::::::::
	cpe:2.3:o:microsoft:windows_vista::beta1::::::*
	cpe:2.3:o:microsoft:windows_xp:::home:::::*
	cpe:2.3:o:microsoft:windows_xp::gold::::::*
	cpe:2.3:o:microsoft:windows_xp::sp1:64-bit_2003:::::
	cpe:2.3:o:microsoft:windows_xp::sp1:embedded:::::
	cpe:2.3:o:microsoft:windows_xp::sp1:home:::::
	cpe:2.3:o:microsoft:windows_xp::sp1:media_center:::::
	cpe:2.3:o:microsoft:windows_xp::sp1:professional:::::
	cpe:2.3:o:microsoft:windows_xp::sp1:tablet_pc:::::
	cpe:2.3:o:microsoft:windows_xp::sp2:home:::::
	cpe:2.3:o:microsoft:windows_xp::sp2:media_center:::::
	cpe:2.3:o:microsoft:windows_xp::sp2:professional:::::
	cpe:2.3:o:microsoft:windows_xp::sp2:tablet_pc:::::

History

21 Nov 2024, 00:26

Type	Values Removed	Values Added
References	~~() http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052613.html -~~	() http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052613.html -
References	~~() http://osvdb.org/33474 -~~	() http://osvdb.org/33474 -
References	~~() http://packetstormsecurity.com/files/163755/Microsoft-Windows-Malicious-Software-Removal-Tool-Privilege-Escalation.html -~~	() http://packetstormsecurity.com/files/163755/Microsoft-Windows-Malicious-Software-Removal-Tool-Privilege-Escalation.html -
References	~~() http://secunia.com/advisories/24245 - Vendor Advisory~~	() http://secunia.com/advisories/24245 - Vendor Advisory
References	~~() http://securityreason.com/securityalert/2282 -~~	() http://securityreason.com/securityalert/2282 -
References	~~() http://securityvulns.com/advisories/readdirectorychanges.asp - Vendor Advisory~~	() http://securityvulns.com/advisories/readdirectorychanges.asp - Vendor Advisory
References	~~() http://www.securityfocus.com/archive/1/460887/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/460887/100/0/threaded -
References	~~() http://www.securityfocus.com/archive/1/460899/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/460899/100/0/threaded -
References	~~() http://www.securityfocus.com/bid/22664 - Exploit~~	() http://www.securityfocus.com/bid/22664 - Exploit
References	~~() http://www.vupen.com/english/advisories/2007/0701 - Vendor Advisory~~	() http://www.vupen.com/english/advisories/2007/0701 - Vendor Advisory
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/32644 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/32644 -

Information

Published : 2007-02-23 02:28

Updated : 2024-11-21 00:26

NVD link : CVE-2007-0843

Mitre link : CVE-2007-0843

CVE.ORG link : CVE-2007-0843

JSON object : View

Products Affected

microsoft

windows_2003_server
windows_vista
windows_xp
windows_2000

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2007-0843", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2007-02-23T02:28:00.000", "references": [{"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052613.html", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/33474", "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/163755/Microsoft-Windows-Malicious-Software-Removal-Tool-Privilege-Escalation.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/24245", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/2282", "source": "cve@mitre.org"}, {"url": "http://securityvulns.com/advisories/readdirectorychanges.asp", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/460887/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/460899/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/22664", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/0701", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32644", "source": "cve@mitre.org"}, {"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052613.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/33474", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://packetstormsecurity.com/files/163755/Microsoft-Windows-Malicious-Software-Removal-Tool-Privilege-Escalation.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/24245", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securityreason.com/securityalert/2282", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securityvulns.com/advisories/readdirectorychanges.asp", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/460887/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/460899/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/22664", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2007/0701", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32644", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information."}, {"lang": "es", "value": "La funci\u00f3n de la API ReadDirectoryChangesW en Microsoft Windows 2000, XP, Server 2003 y Vista no comprueba los permisos para los objetos secundarios, lo que permite a los usuarios locales omitir los permisos mediante la apertura de un directorio con acceso LIST (READ) y utilizando ReadDirectoryChangesW para monitorizar los cambios de los archivos, que no tiene permisos de LISTA, lo que puede explotarse para determinar los nombres de archivos, tiempos de acceso y otra informaci\u00f3n confidencial."}], "lastModified": "2024-11-21T00:26:52.480", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD"}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "60EC86B8-5C8C-4873-B364-FB1F8EFE1CFF"}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28550D88-BD1A-464C-83C1-0EEC97FAA1CE"}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC176BB0-1655-4BEA-A841-C4158167CC9B"}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "580B0C9B-DD85-40FA-9D37-BAC0C96D57FC"}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit_2003:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB3115EE-FFDD-4362-88D2-E98B7364B63D"}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:embedded:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ADEBB882-1C55-4B7B-B4CF-F1B23502FD90"}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49693FA0-BF34-438B-AFF2-75ACC8A6D2E6"}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A05337E-18A5-4939-85A0-69583D9B5AD9"}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:professional:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "279F8E64-F499-4189-997D-8DA748516A85"}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9687E6C-EDE9-42E4-93D0-C4144FEC917A"}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E43BBC5A-057F-4BE2-B4BB-6791DDB0B9C1"}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E439FA5-78BF-41B1-BAEC-C1C94CE86F2E"}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C29F02ED-85FC-4D22-A6DE-5F9C77ECCD70"}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB2BE2DE-7B06-47ED-A674-15D45448F357"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

4.6 /10