Vulnerability Name:

CVE-2007-0211 (CCN-32108)

Assigned:2007-02-13
Published:2007-02-13
Updated:2018-10-12
Summary:The hardware detection functionality in the Windows Shell in Microsoft Windows XP SP2 and Professional, and Server 2003 SP1 allows local users to gain privileges via an unvalidated parameter to a function related to the "detection and registration of new hardware."
CVSS v3 Severity:8.2 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2007-0211

Source: CCN
Type: SA24126
Microsoft Windows Shell Privilege Escalation Vulnerability

Source: SECUNIA
Type: UNKNOWN
24126

Source: CCN
Type: SECTRACK ID: 1017633
Windows Shell Hardware Detection Service Parameter Validation Error Lets Local Users Gain Elevated Privileges

Source: CCN
Type: ASA-2007-075
MS07-006 Vulnerability in Windows Shell Could Allow Elevation of Privilege (928255)

Source: CCN
Type: US-CERT VU#240796
Microsoft Windows Shell vulnerable to privilege escalation

Source: CERT-VN
Type: US Government Resource
VU#240796

Source: CCN
Type: Microsoft Security Bulletin MS07-006
Vulnerability in Windows Shell Could Allow Elevation of Privilege (928255)

Source: OSVDB
Type: UNKNOWN
31890

Source: CCN
Type: OSVDB ID: 31890
Microsoft Windows Shell New Hardware Local Privilege Escalation

Source: BID
Type: UNKNOWN
22481

Source: CCN
Type: BID-22481
Microsoft Windows Shell Hardware Detection Service Privilege Escalation Vulnerability

Source: SECTRACK
Type: UNKNOWN
1017633

Source: CERT
Type: US Government Resource
TA07-044A

Source: VUPEN
Type: UNKNOWN
ADV-2007-0575

Source: MS
Type: UNKNOWN
MS07-006

Source: XF
Type: UNKNOWN
win-new-hardware-privilege-escalation(32108)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:224

Vulnerable Configuration:Configuration 1:
  • cpe:/o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:224
    V
    		Vulnerability in Windows Shell Could Allow Elevation of Privilege
    2011-05-09
    BACK
    microsoft windows 2003 server sp1
    microsoft windows xp * gold
    microsoft windows xp * sp2