Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort connections, which leaves a "dangling pointer" to a process data structure.
Weaknesses in this category are related to improper management of system resources.
| Link | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/466331/100/200/threaded | vendor advisory |
| http://www.securitytracker.com/id?1017897 | vdb entry |
| http://www.securityfocus.com/bid/23338 | vdb entry |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1524 | vdb entry signature |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-021 | vendor advisory |
| http://www.kb.cert.org/vuls/id/219848 | third party advisory us government resource |
| http://www.vupen.com/english/advisories/2007/1325 | vdb entry vendor advisory |
| http://www.osvdb.org/34008 | vdb entry |
| http://securityreason.com/securityalert/2531 | third party advisory |
| http://secunia.com/advisories/24823 | third party advisory |
| http://research.eeye.com/html/advisories/published/AD20070410b.html | |
| http://www.us-cert.gov/cas/techalerts/TA07-100A.html | third party advisory us government resource |
| http://www.securityfocus.com/archive/1/465233/100/0/threaded | mailing list |