===================================================================== CERT-Renater Note d'Information No. 2007/VULN046 _____________________________________________________________________ DATE : 14/02/2007 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : Windows XP, Windows Server 2003 running Windows Shell. ====================================================================== MS07-006 - Vulnerability in Windows Shell Could Allow Elevation of Privilege (928255) Affected Software: - Microsoft Windows XP Service Pack 2 - Microsoft Windows XP Professional x64 Edition - Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 - Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems - Microsoft Windows Server 2003 x64 Edition Non-Affected Software: - Microsoft Windows 2000 Service Pack 4 - Microsoft Windows Vista Full MS07-006 advisory: http://www.microsoft.com/technet/security/bulletin/ms07-006.mspx Vulnerability Details Windows Shell Hardware Detection Vulnerability - CVE-2007-0211: A privilege elevation vulnerability exists in Windows Shell in the way that the operating system performs detection and registration of new hardware. This vulnerability could allow an authenticated user to take complete control of the system. ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'Hopital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================