CVE-2007-4969 - Vulnerability Details - OpenCVE

Process Monitor 1.22 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via unspecified kernel SSDT hooks for Windows Native API functions including (1) NtCreateKey, (2) NtDeleteValueKey, (3) NtLoadKey, (4) NtOpenKey, (5) NtQueryValueKey, (6) NtSetValueKey, and (7) NtUnloadKey.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sysinternals	Process Monitor

Configuration 1 [-]

cpe:2.3:a:sysinternals:process_monitor:1.22:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://osvdb.org/45953
http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php
http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php
http://www.securityfocus.com/archive/1/479830/100/0/threaded
http://www.securityfocus.com/bid/25719

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-09-19T01:00:00

Updated: 2024-08-07T15:17:27.465Z

Reserved: 2007-09-18T00:00:00

Link: CVE-2007-4969

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-09-19T01:17:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-4969

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-09-18T00:00:00", "descriptions": [{"lang": "en", "value": "Process Monitor 1.22 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via unspecified kernel SSDT hooks for Windows Native API functions including (1) NtCreateKey, (2) NtDeleteValueKey, (3) NtLoadKey, (4) NtOpenKey, (5) NtQueryValueKey, (6) NtSetValueKey, and (7) NtUnloadKey."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "25719", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25719"}, {"tags": ["x_refsource_MISC"], "url": "http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php"}, {"name": "45953", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/45953"}, {"tags": ["x_refsource_MISC"], "url": "http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php"}, {"name": "20070918 Plague in (security) software drivers & BSDOhook utility", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/479830/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4969", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Process Monitor 1.22 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via unspecified kernel SSDT hooks for Windows Native API functions including (1) NtCreateKey, (2) NtDeleteValueKey, (3) NtLoadKey, (4) NtOpenKey, (5) NtQueryValueKey, (6) NtSetValueKey, and (7) NtUnloadKey."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "25719", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25719"}, {"name": "http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php", "refsource": "MISC", "url": "http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php"}, {"name": "45953", "refsource": "OSVDB", "url": "http://osvdb.org/45953"}, {"name": "http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php", "refsource": "MISC", "url": "http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php"}, {"name": "20070918 Plague in (security) software drivers & BSDOhook utility", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/479830/100/0/threaded"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T15:17:27.465Z"}, "title": "CVE Program Container", "references": [{"name": "25719", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/25719"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php"}, {"name": "45953", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/45953"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php"}, {"name": "20070918 Plague in (security) software drivers & BSDOhook utility", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/479830/100/0/threaded"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4969", "datePublished": "2007-09-19T01:00:00", "dateReserved": "2007-09-18T00:00:00", "dateUpdated": "2024-08-07T15:17:27.465Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sysinternals:process_monitor:1.22:*:*:*:*:*:*:*", "matchCriteriaId": "E323A84E-A775-49A1-B262-0D7FB0CF25ED", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Process Monitor 1.22 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via unspecified kernel SSDT hooks for Windows Native API functions including (1) NtCreateKey, (2) NtDeleteValueKey, (3) NtLoadKey, (4) NtOpenKey, (5) NtQueryValueKey, (6) NtSetValueKey, and (7) NtUnloadKey."}, {"lang": "es", "value": "Process Monitor 1.22 no valida adecuadamente ciertos par\u00e1metros a los manejadores de funciones de Tablas de Descripci\u00f3n de Servicios del Sistema (SSDT), lo cual permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente obtener privilegios mediante ganchos SSDT del n\u00facleo para funciones de la API nativa de Windows entre las que se incluyen (1) NtCreateKey, (2) NtDeleteValueKey, (3) NtLoadKey, (4) NtOpenKey, (5) NtQueryValueKey, (6) NtSetValueKey, y (7) NtUnloadKey."}], "id": "CVE-2007-4969", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-09-19T01:17:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/45953"}, {"source": "cve@mitre.org", "url": "http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php"}, {"source": "cve@mitre.org", "url": "http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/479830/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/25719"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/45953"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/479830/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/25719"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}