Unrated severityNVD Advisory· Published Feb 23, 2007· Updated Jun 16, 2026
CVE-2007-0843
CVE-2007-0843
Description
The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
16- cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*+ 11 more
- cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit_2003:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp1:embedded:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp1:professional:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp2:professional:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*
Patches
Vulnerability mechanics
References
11- www.securityfocus.com/bid/22664nvdExploit
- secunia.com/advisories/24245nvdVendor Advisory
- securityvulns.com/advisories/readdirectorychanges.aspnvdVendor Advisory
- www.vupen.com/english/advisories/2007/0701nvdVendor Advisory
- lists.grok.org.uk/pipermail/full-disclosure/2007-February/052613.htmlnvd
- osvdb.org/33474nvd
- packetstormsecurity.com/files/163755/Microsoft-Windows-Malicious-Software-Removal-Tool-Privilege-Escalation.htmlnvd
- securityreason.com/securityalert/2282nvd
- www.securityfocus.com/archive/1/460887/100/0/threadednvd
- www.securityfocus.com/archive/1/460899/100/0/threadednvd
- exchange.xforce.ibmcloud.com/vulnerabilities/32644nvd
News mentions
0No linked articles in our index yet.