Vulnerability Description
Microsoft Windows XP SP2 allows local users, who have sessions created by another user's RunAs (run as) command, to kill arbitrary processes of this other user, as demonstrated by the taskkill program. NOTE: the researcher claims a vendor dispute in which the vendor states that "RunAs and UAC are convenience features, not security boundaries. If you need a security guarantee, please log out and log back in with a different account.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows Xp | All versions |
References
- http://osvdb.org/39014
- http://www.securityfocus.com/archive/1/472216/100/0/threaded
- http://www.securityfocus.com/archive/1/472282/100/0/threaded
- http://osvdb.org/39014
- http://www.securityfocus.com/archive/1/472216/100/0/threaded
- http://www.securityfocus.com/archive/1/472282/100/0/threaded
FAQ
What is CVE-2007-3463?
CVE-2007-3463 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Microsoft Windows XP SP2 allows local users, who have sessions created by another user's RunAs (run as) command, to kill arbitrary processes of this other user, as demonstrated by the taskkill program...
How severe is CVE-2007-3463?
CVE-2007-3463 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-3463?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows Xp.