CVE-2007-1206

Name of the Vulnerable Software and Affected Versions Windows NT 4.0 Windows 2000 SP4 Windows XP SP2 Windows Server 2003 Windows Server 2003 SP1 Windows Server 2003 SP2 Windows Vista before June 2006

Description A privilege elevation issue exists due to incorrect permissions on a mapped memory segment. This allows local users to gain privileges by modifying the zero page during a race condition before the view is unmapped. An attacker who successfully exploited this issue could take complete control of an affected system.

Recommendations For Windows NT 4.0, update the system to apply the necessary security fixes. For Windows 2000 SP4, apply the patch to fix the insecure permissions issue. For Windows XP SP2, install the update that corrects the permissions on the mapped memory segment. For Windows Server 2003, Windows Server 2003 SP1, and Windows Server 2003 SP2, apply the security patch to resolve the issue. For Windows Vista before June 2006, update the system to a version released after June 2006 to ensure the fix is applied.