| Vulnerability Name: | CVE-2007-3724 (CCN-35902) | ||||||||
| Assigned: | 2007-07-11 | ||||||||
| Published: | 2007-07-11 | ||||||||
| Updated: | 2008-11-15 | ||||||||
| Summary: | The process scheduler in the Microsoft Windows XP kernel does not make use of the process statistics kept by the kernel, performs scheduling based on CPU billing gathered from periodic process sampling ticks, and gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges." | ||||||||
| CVSS v3 Severity: | 6.2 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
| ||||||||
| CVSS v2 Severity: | 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P) 1.7 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:U/RC:UR)
4.0 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:U/RC:UR)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||
| References: | Source: MITRE Type: CNA CVE-2007-3724 Source: OSVDB Type: UNKNOWN 36938 Source: CCN Type: Cheat07Security Whitepaper Secretly Monopolizing the CPU Without Superuser Privileges Source: MISC Type: UNKNOWN http://www.cs.huji.ac.il/~dants/papers/Cheat07Security.pdf Source: CCN Type: Microsoft Windows Web site Windows XP: Home Page Source: CCN Type: OSVDB ID: 36938 Microsoft Windows XP Kernel Process Scheduler Local DoS Source: XF Type: UNKNOWN windows-processsheduler-dos(35902) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||