Vulnerability Name: | CVE-2007-4315 (CCN-36041) | ||||||||
Assigned: | 2007-08-05 | ||||||||
Published: | 2007-08-05 | ||||||||
Updated: | 2012-10-18 | ||||||||
Summary: | The AMD ATI atidsmxx.sys 3.0.502.0 driver on Windows Vista allows local users to bypass the driver signing policy, write to arbitrary kernel memory locations, and thereby gain privileges via unspecified vectors, as demonstrated by "Purple Pill". | ||||||||
CVSS v3 Severity: | 8.1 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
CVSS v2 Severity: | 6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C) 5.6 Medium (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:U/RC:UR)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:U/RC:UR)
| ||||||||
Vulnerability Type: | CWE-264 | ||||||||
Vulnerability Consequences: | Gain Privileges | ||||||||
References: | Source: CCN Type: AMD Catalyst Software Suite Web site Catalyst™ 7.8 Display Driver for Windows Vista (32 bit) Source: MISC Type: UNKNOWN http://blogs.zdnet.com/security/?p=427 Source: MISC Type: UNKNOWN http://blogs.zdnet.com/security/?p=438 Source: CCN Type: Invisible Things Lab: IsGameOver(), Anyone? Blackhat 2007 Presentation ATI Catalyst Driver atidsmxx.sys security bypass Source: MITRE Type: CNA CVE-2007-4315 Source: CCN Type: SA26448 AMD Catalyst Software Suite DSM Dynamic Driver Vista Kernel Protection Bypass Source: SECUNIA Type: UNKNOWN 26448 Source: CCN Type: OSVDB ID: 39562 AMD ATI atidsmxx.sys on Windows Vista Local Privilege Escalation Source: BID Type: UNKNOWN 25265 Source: CCN Type: BID-25265 AMD ATI ATIDSMXX.SYS Driver Local Privilege Escalation Vulnerability Source: XF Type: UNKNOWN catalyst-atdcm64a-privilege-escalation(36041) | ||||||||
Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
BACK |