CVE-2007-1209

Name of the Vulnerable Software and Affected Versions Microsoft Windows Vista

Description A use-after-free issue in the Client/Server Run-time Subsystem (CSRSS) does not properly handle connection resources when starting and stopping processes. This allows local users to gain privileges by opening and closing multiple ApiPort connections, which leaves a "dangling pointer" to a process data structure. The vulnerability exists in the way that the Windows 32 Client/Server Run-time Subsystem (CSRSS) handles its connections during the startup and stopping of processes.

Recommendations For Microsoft Windows Vista, apply the recommended patch or update to fix the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.