|
|
|
|
| |
Credit:
The information has been provided by Microsoft Product Security.
The original article can be found at: http://www.microsoft.com/technet/security/Bulletin/MS07-032.mspx
|
| |
Vulnerable Systems:
* Windows Vista - Information Disclosure - Moderate
* Windows Vista x64 Edition - Information Disclosure - Moderate
Immune Systems:
* Windows 2000 Service Pack 4
* Windows XP Service Pack 2
* Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
* Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
* Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
* Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
Permissive User Information Store ACLs Information Disclosure Vulnerability - CVE-2007-2229
There is an information disclosure vulnerability in Windows Vista that could allow non-privileged users to access local user information data stores including administrative passwords contained within the registry and local file system. The vulnerability could allow a local attacker to have access to user account data that could then be used in an attempt to gain full access to the affected system.
To view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2007-2229.
Mitigating Factors for Permissive User Information Store ACLs Information Disclosure Vulnerability - CVE-2007-2229
Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factor may be helpful in your situation:
An attacker must have valid logon credentials.
|
|
|
|
|
