CVE-2007-0843

Microsoft Windows 2000-XP-Vista - Info Disclosure

Title source: llm

Description

The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information.

Exploits (2)

exploitdb WORKING POC VERIFIED

by 3APA3A · clocalwindows

https://www.exploit-db.com/exploits/29630

View Code ZIP pw:eip

nomisec WORKING POC 9 stars

by z3APA3A · poc

https://github.com/z3APA3A/spydir

View Code ZIP pw:eip

References (11)

[Exploit] http://www.securityfocus.com/bid/22664

[Vendor Advisory] http://securityvulns.com/advisories/readdirectorychanges.asp

[Mailing List] http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052613.html

[Vendor Advisory] http://secunia.com/advisories/24245

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/460899/100/0/threaded

[Vendor Advisory] http://www.vupen.com/english/advisories/2007/0701

[Third Party Advisory, VDB Entry] http://osvdb.org/33474

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/32644

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/460887/100/0/threaded

[Third Party Advisory] http://securityreason.com/securityalert/2282

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/163755/Microsoft-Windows-Malicious-Software-Removal-Tool-Privilege-Escalation.html

Scores

EPSS 0.0037

EPSS Percentile 59.1%

Details

CWE

CWE-264

Status published

Products (4)

microsoft/windows_2000

microsoft/windows_2003_server

microsoft/windows_vista

microsoft/windows_xp (12 CPE variants)

Published Feb 23, 2007

Tracked Since Feb 18, 2026