CVE-2007-0843
Published Feb 23, 2007
Last updated 3 years ago
Overview
- Description
- The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.6
- Impact score
- 6.4
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-264
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "60EC86B8-5C8C-4873-B364-FB1F8EFE1CFF"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:beta1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "28550D88-BD1A-464C-83C1-0EEC97FAA1CE"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BC176BB0-1655-4BEA-A841-C4158167CC9B"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "580B0C9B-DD85-40FA-9D37-BAC0C96D57FC"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit_2003:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DB3115EE-FFDD-4362-88D2-E98B7364B63D"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:embedded:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ADEBB882-1C55-4B7B-B4CF-F1B23502FD90"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "49693FA0-BF34-438B-AFF2-75ACC8A6D2E6"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6A05337E-18A5-4939-85A0-69583D9B5AD9"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:professional:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "279F8E64-F499-4189-997D-8DA748516A85"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B9687E6C-EDE9-42E4-93D0-C4144FEC917A"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E43BBC5A-057F-4BE2-B4BB-6791DDB0B9C1"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7E439FA5-78BF-41B1-BAEC-C1C94CE86F2E"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C29F02ED-85FC-4D22-A6DE-5F9C77ECCD70"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FB2BE2DE-7B06-47ED-A674-15D45448F357"
}
],
"operator": "OR"
}
]
}
]