CVE-2007-0843

Sažetak

The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information.

Reference

http://securityvulns.com/advisories/readdirectorychanges.asp
http://www.securityfocus.com/bid/22664
http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052613.html
http://secunia.com/advisories/24245
http://securityreason.com/securityalert/2282
http://osvdb.org/33474
http://www.vupen.com/english/advisories/2007/0701
https://exchange.xforce.ibmcloud.com/vulnerabilities/32644
http://www.securityfocus.com/archive/1/460899/100/0/threaded
http://www.securityfocus.com/archive/1/460887/100/0/threaded

CVSS

Base:	4.6
Impact:	6.4
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:L/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

09-08-2021 - 16:15

Objavljeno

23-02-2007 - 02:28