Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2007-3463

Microsoft Windows XP SP2 allows local users, who have sessions created by another user's RunAs (run as) command, to kill arbitrary processes of this other user, as demonstrated by the taskkill program. NOTE: the researcher claims a vendor dispute in which the vendor states that "RunAs and UAC are convenience features, not security boundaries. If you need a security guarantee, please log out and log back in with a different account.

Published

2007-06-27T18:30:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.6 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:S/C:N/I:N/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE

Exploitability Score

3.1

Impact Score

6.9

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	microsoft	windows_xp	*	Yes

References

http://osvdb.org/39014 ([email protected])
http://www.securityfocus.com/archive/1/472216/100/0/threaded ([email protected])
http://www.securityfocus.com/archive/1/472282/100/0/threaded ([email protected])
http://osvdb.org/39014 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/472216/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/472282/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)