CVE-2007-0843
Last modified
CVE-2007-0843 is a vulnerability of currently unknown severity. The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information.. EPSS estimates a 3.61% chance of exploitation in the next 30 days.
Description
The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Microsoft | Windows 2000 | All versions | — |
| Microsoft | Windows 2003 Server | All versions | — |
| Microsoft | Windows Vista | All versions | Beta1 |
| Microsoft | Windows Xp | All versions | — |
References
- http://secunia.com/advisories/24245Vendor Advisory
- http://securityvulns.com/advisories/readdirectorychanges.aspVendor Advisory
- http://www.vupen.com/english/advisories/2007/0701Vendor Advisory
- http://secunia.com/advisories/24245Vendor Advisory
- http://securityvulns.com/advisories/readdirectorychanges.aspVendor Advisory
- http://www.vupen.com/english/advisories/2007/0701Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2007-0843?
How severe is CVE-2007-0843?
How do I fix CVE-2007-0843?
Are you affected by CVE-2007-0843?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST