Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2007-1209

EPSS 2.11% · P84
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2007-1209

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort connections, which leaves a "dangling pointer" to a process data structure.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Microsoft Windows CSRSS CSRFinalizeContext本地权限提升漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Microsoft Windows是美国微软(Microsoft)公司发布的一系列操作系统。 Windows的CSRSS服务实现上存在设计漏洞,本地攻击者可能利用此漏洞提升自己的权限。 从Windows Vista开始使用了一种扩展形式的本地过程调用(LPC),被称为高级本地过程调用(ALPC),用于取代旧的LPC与CSRSS进行通讯。每个新的进程都会创建到其会话CSRSS的ApiPort(\Windows\ApiPort或\Sessions\<sessionid>\Windows\ApiPort)的AL
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2007-1209

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2007-1209

登录查看更多情报信息。

Same Patch Batch · n/a · 2007-04-10 · 49 CVEs total

CVE-2007-1938JustSystem Ichitaro 跨站脚本攻击漏洞
CVE-2007-0734Apple AirPort Extreme Base Station远程信息泄露漏洞
CVE-2007-0938Microsoft内容管理服务器远程代码执行漏洞
CVE-2007-1206Windows VDM 0页面竞争条件本地权限提升漏洞
CVE-2006-4250man工具-H选项本地缓冲区溢出漏洞
CVE-2007-1687IPIX Image Well ActiveX控件缓冲区溢出漏洞
CVE-2007-1900PHP Filter_Var函数FILTER_VALIDATE_EMAIL注入换行漏洞
CVE-2007-1923SQL-Ledger 安全漏洞
CVE-2007-1205Microsoft Agent URI解析远程代码执行漏洞
CVE-2007-1939Daniel Naber LanguageTool 内嵌webserver跨站脚本攻击漏洞
CVE-2006-7192Microsoft .NET Framework请求过滤绕过漏洞
CVE-2007-1937Scorp Book 'smilies.php'PHP远程文件包含漏洞
CVE-2007-1936ScarAdControl 'scaradcontrol.php'PHP远程文件包含漏洞
CVE-2007-1935ScarAdControl 'admin/index.php'PHP代码注入漏洞
CVE-2007-1934EBoard 'member.php'目录遍历漏洞
CVE-2007-1933PcP-Guestbook 多个目录遍历漏洞
CVE-2007-1932ScarNews 'Scarnews.Inc.PHP' 目录遍历漏洞
CVE-2007-1931SmodCMS slownik模块'index.php'SQL注入漏洞
CVE-2007-1930CattaDoc 'download2.php'目录遍历漏洞
CVE-2007-1929Xrousse Beryo 'downloadpic.php' 目录遍历漏洞

Showing top 20 of 49 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2007-1209

No comments yet

Leave a comment