|
|
CVE Reference: CVE-2007-0843 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2007-0843 |
|
|
Description: The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/32644 SREASON http://securityreason.com/securityalert/2282 SAID Secunia Advisory: SA24245 OSVDB 33474 MISC http://securityvulns.com/advisories/readdirectorychanges.asp FULLDISC http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052613.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/460887/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/460899/100/0/threaded BID 22664 |
|
| Return to the previous page. |
