CVE-2007-4969

Process Monitor 1.22 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via unspecified kernel SSDT hooks for Windows Native API functions including (1) NtCreateKey, (2) NtDeleteValueKey, (3) NtLoadKey, (4) NtOpenKey, (5) NtQueryValueKey, (6) NtSetValueKey, and (7) NtUnloadKey.

CVSS v2.0 4.4 MEDIUM

4.4^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 3.4 / Impact : 6.4

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://osvdb.org/45953
http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php
http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php
http://www.securityfocus.com/archive/1/479830/100/0/threaded
http://www.securityfocus.com/bid/25719

Configurations

Configuration 1 (hide)

cpe:2.3:a:sysinternals:process_monitor:1.22:*:*:*:*:*:*:*

History

No history.

Information

Published : 2007-09-19 01:17

Updated : 2023-12-10 10:40

NVD link : CVE-2007-4969

Mitre link : CVE-2007-4969

CVE.ORG link : CVE-2007-4969

JSON object : View

Products Affected

sysinternals

process_monitor

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2007-4969", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.4, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-09-19T01:17:00.000", "references": [{"url": "http://osvdb.org/45953", "source": "cve@mitre.org"}, {"url": "http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php", "source": "cve@mitre.org"}, {"url": "http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/479830/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/25719", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Process Monitor 1.22 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via unspecified kernel SSDT hooks for Windows Native API functions including (1) NtCreateKey, (2) NtDeleteValueKey, (3) NtLoadKey, (4) NtOpenKey, (5) NtQueryValueKey, (6) NtSetValueKey, and (7) NtUnloadKey."}, {"lang": "es", "value": "Process Monitor 1.22 no valida adecuadamente ciertos par\u00e1metros a los manejadores de funciones de Tablas de Descripci\u00f3n de Servicios del Sistema (SSDT), lo cual permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente obtener privilegios mediante ganchos SSDT del n\u00facleo para funciones de la API nativa de Windows entre las que se incluyen (1) NtCreateKey, (2) NtDeleteValueKey, (3) NtLoadKey, (4) NtOpenKey, (5) NtQueryValueKey, (6) NtSetValueKey, y (7) NtUnloadKey."}], "lastModified": "2018-10-15T21:39:09.753", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sysinternals:process_monitor:1.22:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E323A84E-A775-49A1-B262-0D7FB0CF25ED"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}