Lucene search

[email protected]NVD:CVE-2007-0436

HistoryFeb 04, 2007 - 12:28 a.m.

CVE-2007-0436

2007-02-0400:28:00

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

25.8%

JSON

Barron McCann X-Kryptor Driver BMS1446HRR (Xgntr BMS1351 Install BMS1472) in X-Kryptor Secure Client does not drop privileges when launching an Explorer window in response to a help command, which allows local users to gain LocalSystem privileges via interactive use of Explorer.

Affected configurations

Nvd

Node

barron_mccanninstallMatchbms1472

barron_mccannx-kryptor_driverMatchbms1446hrr

barron_mccannx-kryptor_secure_client

barron_mccannxgntrMatchbms1351

VendorProductVersionCPE
barron_mccanninstallbms1472cpe:2.3:a:barron_mccann:install:bms1472:*:*:*:*:*:*:*
barron_mccannx-kryptor_driverbms1446hrrcpe:2.3:a:barron_mccann:x-kryptor_driver:bms1446hrr:*:*:*:*:*:*:*
barron_mccannx-kryptor_secure_client*cpe:2.3:a:barron_mccann:x-kryptor_secure_client:*:*:*:*:*:*:*:*
barron_mccannxgntrbms1351cpe:2.3:a:barron_mccann:xgntr:bms1351:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
barron_mccann	install	bms1472	cpe:2.3:a:barron_mccann:install:bms1472:::::::*
barron_mccann	x-kryptor_driver	bms1446hrr	cpe:2.3:a:barron_mccann:x-kryptor_driver:bms1446hrr:::::::*
barron_mccann	x-kryptor_secure_client	*	cpe:2.3:a:barron_mccann:x-kryptor_secure_client::::::::
barron_mccann	xgntr	bms1351	cpe:2.3:a:barron_mccann:xgntr:bms1351:::::::*

References

jvn.jp/niscc/NISCC-462660/index.html

osvdb.org/33110

secunia.com/advisories/24045

www.barronmccann.com/ISec/s2pressrelease.asp?PRID=141&S2ID=14

www.bemacpromotions.com/files/xkpatch462660.zip

www.cpni.gov.uk/Products/advisories/default.aspx?id=al-20070129-0107.xml

www.cpni.gov.uk/Products/vulnerabilitydisclosures/default.aspx?id=va-20070129-0107.xml

www.securityfocus.com/bid/22424

www.vupen.com/english/advisories/2007/0496

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

25.8%

JSON

Related for NVD:CVE-2007-0436

prion1 securityvulns1 cve1 cvelist1