| Vulnerability Name: | CVE-2007-0843 (CCN-32644) | ||||||||
| Assigned: | 2007-02-22 | ||||||||
| Published: | 2007-02-22 | ||||||||
| Updated: | 2021-08-09 | ||||||||
| Summary: | The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information. | ||||||||
| CVSS v3 Severity: | 3.5 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N)
| ||||||||
| CVSS v2 Severity: | 4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P) 4.0 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:U/RC:UR)
3.4 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:U/RC:UR)
| ||||||||
| Vulnerability Type: | CWE-264 | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Thu Feb 22 2007 - 04:47:05 CST Microsoft Windows 2000/XP/2003/Vista ReadDirectoryChangesW informaton leak Source: MITRE Type: CNA CVE-2007-0843 Source: FULLDISC Type: UNKNOWN 20070222 Microsoft Windows 2000/XP/2003/Vista ReadDirectoryChangesW informaton leak Source: OSVDB Type: UNKNOWN 33474 Source: CCN Type: SA24245 Microsoft Windows Directory Monitoring Information Disclosure Weakness Source: SECUNIA Type: Vendor Advisory 24245 Source: SREASON Type: UNKNOWN 2282 Source: MISC Type: Vendor Advisory http://securityvulns.com/advisories/readdirectorychanges.asp Source: CCN Type: Microsoft Windows Web site Windows Home Page Source: CCN Type: OSVDB ID: 33474 Microsoft Windows ReadDirectoryChangesW API Function File System Information Disclosure Source: BUGTRAQ Type: UNKNOWN 20070222 Re[2]: [Full-disclosure] Microsoft Windows 2000/XP/2003/Vista ReadDirectoryChangesW informaton leak Source: BUGTRAQ Type: UNKNOWN 20070222 Microsoft Windows 2000/XP/2003/Vista ReadDirectoryChangesW informaton leak Source: BID Type: Exploit 22664 Source: CCN Type: BID-22664 Microsoft Windows ReadDirectoryChangesW Information Disclosure Vulnerability Source: VUPEN Type: Vendor Advisory ADV-2007-0701 Source: XF Type: UNKNOWN win-readdirectory-information-disclosure(32644) Source: XF Type: UNKNOWN win-readdirectory-information-disclosure(32644) Source: CCN Type: Packet Storm Security [08-09-2021] Microsoft Windows Malicious Software Removal Tool Privilege Escalation | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||