CVE-2007-0843

Microsoft Windows 2000-XP-Vista - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2007-0843. PoCs published by 3APA3A, z3APA3A.

AI-analyzed exploit summary: This exploit demonstrates a local information disclosure vulnerability in Microsoft Windows by monitoring directory changes, including files the user has no access to, via the ReadDirectoryChangesW API. It leverages the FILE_FLAG_BACKUP_SEMANTICS flag to bypass permission checks and observe file operations.

Description

The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information.

Exploits (2)

exploitdb WORKING POC VERIFIED
by 3APA3A · c · local · windows
https://www.exploit-db.com/exploits/29630

This exploit demonstrates a local information disclosure vulnerability in Microsoft Windows by monitoring directory changes, including files the user has no access to, via the ReadDirectoryChangesW API. It leverages the FILE_FLAG_BACKUP_SEMANTICS flag to bypass permission checks and observe file operations.

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Windows (pre-2007)
No auth needed
Prerequisites: Local access to the target system
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC 9 stars
by z3APA3A · poc
https://github.com/z3APA3A/spydir

The repository contains a functional exploit PoC for CVE-2007-0843, which leverages the ReadDirectoryChangesW API to monitor directory changes, including files the user has no access to, due to improper permission handling in Windows. The code demonstrates the vulnerability by creating a directory handle with FILE_FLAG_BACKUP_SEMANTICS and monitoring changes without proper access checks.

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Windows (versions affected by CVE-2007-0843)
No auth needed
Prerequisites: Access to a Windows system affected by CVE-2007-0843
devstral-2 · analyzed Feb 18, 2026

References (11)

Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/22664
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24245
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/460899/100/0/threaded
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0701
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/33474
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/32644
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/460887/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/2282

Scores

EPSS 0.0361
EPSS Percentile 88.0%

Details

CWE: CWE-264
Status: published
Products (4):
microsoft/windows_2000
microsoft/windows_2003_server
microsoft/windows_vista
microsoft/windows_xp (12 CPE variants)
Published: Feb 23, 2007
Tracked Since: Feb 18, 2026