Published: 23/02/2007 Updated: 09/08/2021

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

VMScore: 465

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information.

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft windows vista
microsoft windows xp
microsoft windows 2000
microsoft windows 2003 server

source: wwwsecurityfocuscom/bid/22664/info Microsoft Windows is prone to a local information-disclosure vulnerability A local attacker may leverage this issue to gain access to potentially sensitive information about user permissions and accessed files Information gained may aid in further attacks against the affected computer /* M ...

C# Linq Script to Monitor a File System for Changes (File Shares, Locla Shares)

MonitorFileSystemWatcher C# Linq Script to Monitor a File System or File Share for Changes It shows Filenames for modified/created Files also for Sub-Directory where the User Account has no Access Rights to Works on all Windows Versions The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista, Windows 8, Windows 10 does not check permission

CWE-264 http://securityvulns.com/advisories/readdirectorychanges.asp http://www.securityfocus.com/bid/22664 http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052613.html http://secunia.com/advisories/24245 http://securityreason.com/securityalert/2282 http://osvdb.org/33474 http://www.vupen.com/english/advisories/2007/0701 https://exchange.xforce.ibmcloud.com/vulnerabilities/32644 http://www.securityfocus.com/archive/1/460899/100/0/threaded http://www.securityfocus.com/archive/1/460887/100/0/threaded http://packetstormsecurity.com/files/163755/Microsoft-Windows-Malicious-Software-Removal-Tool-Privilege-Escalation.html https://nvd.nist.gov https://github.com/disintegr8te/MonitorFileSystemWatcher https://www.exploit-db.com/exploits/29630/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2007-0843

Vulnerability Summary

Vulnerability Trend

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect