<< Back
CVE Number Vulnerability Product Severity Date
MS07-006 Vulnerability in Windows Shell Could Allow Elevation of Privilege (928255) Microsoft Windows Low 14-02-2007

Technical Information

Brief overview of the risk:
A privilege elevation vulnerability exists in Windows Shell in the way that the operating system performs detection and registration of new hardware. This vulnerability could allow an authenticated user to take complete control of the system.
Detailed Information on the risk:
This bulletin covers a privilege escalation issue in the Windows Shell new hardware detection code. Unprivileged users can convince Windows to execute their code in a privileged context when a new hardware event takes place, such as when a CD is inserted or a USB device is plugged in.Further information on this exploit is available at : MS07-006

Affected Software

Microsoft Windows XP Service Pack 2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition