CVE-2007-1206

CWE-2643 documents3 sources
Severity
7.2HIGH
EPSS
1.8%
top 17.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Windows 2003 Server
Timeline
PublishedApr 10
Latest updateMay 1

Description

The Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0; 2000 SP4; XP SP2; Server 2003, 2003 SP1, and 2003 SP2; and Windows Vista before June 2006; uses insecure permissions (PAGE_READWRITE) for a physical memory view, which allows local users to gain privileges by modifying the "zero page" during a race condition before the view is unmapped.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

NVDmicrosoft/windows_2003_servergold, sp1, sp2+2

🔴Vulnerability Details

2
GHSA
GHSA-jc8m-fhw4-pp52: The Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 42022-05-01
CVEList
CVE-2007-1206: The Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 42007-04-10
CVE-2007-1206 (HIGH CVSS 7.2) | The Virtual DOS Machine (VDM) in th | cvebase.io