CVE-2007-1206
Description
The Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0; 2000 SP4; XP SP2; Server 2003, 2003 SP1, and 2003 SP2; and Windows Vista before June 2006; uses insecure permissions (PAGE_READWRITE) for a physical memory view, which allows local users to gain privileges by modifying the "zero page" during a race condition before the view is unmapped.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Local users can elevate privileges on Windows systems via insecure VDM memory permissions, allowing arbitrary code execution with full system control.
Vulnerability
The Windows Kernel's Virtual DOS Machine (VDM) in Windows NT 4.0, 2000 SP4, XP SP2, Server 2003 (all SP versions), and Vista before June 2006 uses PAGE_READWRITE permissions for a physical memory view [1]. This insecure permission setting allows a local user to modify the "zero page" during a race condition before the view is unmapped, leading to an elevation of privilege vulnerability [2].
Exploitation
An attacker must have local access and be able to run a specially crafted application [1]. The exploit relies on a race condition where the attacker modifies the zero page between the time the kernel maps the memory view with insecure permissions and the time it unmaps that view [2]. This requires precise timing and the ability to execute code on the target system.
Impact
Successful exploitation allows a local, authenticated attacker to execute arbitrary code with elevated privileges, potentially gaining complete control of the affected system [1]. The attacker could then install programs, view/change/delete data, or create new accounts with full user rights [1]. The compromised privilege level is kernel or system, bypassing normal user restrictions.
Mitigation
Microsoft released security update MS07-022 to address this vulnerability on April 10, 2007 [1]. Affected systems should apply the update at the earliest opportunity [2]. No workarounds are documented; the only official mitigation is installing the update provided in MS07-022 [1].
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
- (no CPE) range: = SP4
- cpe:2.3:o:microsoft:windows_2003_server:gold:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*
- (no CPE)
- cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
Patches
No patches discovered yet.
References
- secunia.com/advisories/24834 (nvd, Vendor Advisory)
- www.vupen.com/english/advisories/2007/1326 (nvd, Vendor Advisory)
- www.kb.cert.org/vuls/id/337953 (nvd, US Government Resource)
- www.us-cert.gov/cas/techalerts/TA07-100A.html (nvd, US Government Resource)
- research.eeye.com/html/advisories/published/AD20070410a.html (nvd)
- securitytracker.com/id (nvd)
- www.osvdb.org/34011 (nvd)
- www.securityfocus.com/archive/1/465232/100/0/threaded (nvd)
- www.securityfocus.com/archive/1/466331/100/200/threaded (nvd)
- www.securityfocus.com/bid/23367 (nvd)
- docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-022 (nvd)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1639 (nvd)