{"vuid":"VU#337953","idnumber":"337953","name":"Microsoft Windows Kernel vulnerable to privilege escalation","keywords":["Microsoft","Windows","Kernel","privilege escalation","incorrect permissions","ms07-apr"],"overview":"The Microsoft Windows Kernel contains a privilege escalation vulnerability that may allow a local attacker to take control of the system.","clean_desc":"The Microsoft Windows Kernel fails to properly set permissions when mapping to a memory segment. By running a specially crafted application, an attacker may be able to trigger this vulnerability. For more information, please refer to Microsoft Security Bulletin MS07-022.","impact":"A local, authenticated attacker may be able to execute arbitrary code with elevated privileges.","resolution":"Apply an update\nMicrosoft was released updates in Microsoft Security Bulletin MS07-022 to address this issue.","workarounds":"","sysaffected":"","thanks":"This vulnerability was reported in Microsoft Security Bulletin \nMS07-022\n. Microsoft credits eEye for reporting the vulnerability to them.","author":"This document was written by Katie Steiner.","public":["h","t","t","p",":","/","/","w","w","w",".","m","i","c","r","o","s","o","f","t",".","c","o","m","/","t","e","c","h","n","e","t","/","s","e","c","u","r","i","t","y","/","b","u","l","l","e","t","i","n","/","m","s","0","7","-","0","2","2",".","m","s","p","x"],"cveids":["CVE-2007-1206"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2007-04-10T18:09:15Z","publicdate":"2007-04-10T00:00:00Z","datefirstpublished":"2007-04-10T20:05:14Z","dateupdated":"2007-04-10T20:08:19Z","revision":12,"vrda_d1_directreport":"0","vrda_d1_population":"4","vrda_d1_impact":"3","cam_widelyknown":"8","cam_exploitation":"0","cam_internetinfrastructure":"1","cam_population":"10","cam_impact":"17","cam_easeofexploitation":"8","cam_attackeraccessrequired":"10","cam_scorecurrent":"2.295","cam_scorecurrentwidelyknown":"5.355","cam_scorecurrentwidelyknownexploited":"10.455","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":2.295,"vulnote":null}