1. Home
  2. CVE Database
  3. CVE-2007-0843
MEDIUM · 4.6

CVE-2007-0843

The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a d...

Vulnerability Description

The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information.

CVSS Score

4.6

MEDIUM

AV:L/AC:L/Au:N/C:P/I:P/A:P
Confidentiality
PARTIAL
Integrity
PARTIAL
Availability
PARTIAL

Affected Products

VendorProductVersions
MicrosoftWindows 2000All versions
MicrosoftWindows 2003 ServerAll versions
MicrosoftWindows VistaAll versions
MicrosoftWindows XpAll versions

Related Weaknesses (CWE)

CWE-264

References

FAQ

What is CVE-2007-0843?

CVE-2007-0843 is a vulnerability with a CVSS score of 4.6 (MEDIUM). The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a d...

How severe is CVE-2007-0843?

CVE-2007-0843 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2007-0843?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 2000, Microsoft Windows 2003 Server, Microsoft Windows Vista, Microsoft Windows Xp.