exploitDog

CVE-2007-4969

Опубликовано: 19 сент. 2007

Источник: nvd

CVSS2: 4.4

EPSS Низкий

Описание

Process Monitor 1.22 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via unspecified kernel SSDT hooks for Windows Native API functions including (1) NtCreateKey, (2) NtDeleteValueKey, (3) NtLoadKey, (4) NtOpenKey, (5) NtQueryValueKey, (6) NtSetValueKey, and (7) NtUnloadKey.

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sysinternals:process_monitor:1.22:*:*:*:*:*:*:*

EPSS

Процентиль: 22%

0.0007

Низкий

4.4 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-4fv8-h7r9-m88g

github

почти 4 года назад

Process Monitor 1.22 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via unspecified kernel SSDT hooks for Windows Native API functions including (1) NtCreateKey, (2) NtDeleteValueKey, (3) NtLoadKey, (4) NtOpenKey, (5) NtQueryValueKey, (6) NtSetValueKey, and (7) NtUnloadKey.

EPSS

Процентиль: 22%

0.0007

Низкий

4.4 Medium

CVSS2

Дефекты

CWE-20