Unrated severityNVD Advisory· Published Apr 10, 2007· Updated Jun 16, 2026

CVE-2007-1209

Description

Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort connections, which leaves a "dangling pointer" to a process data structure.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Microsoft/Windows
cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
Microsoft/Windows Vistallm-fuzzy

Patches

Vulnerability mechanics

References

www.vupen.com/english/advisories/2007/1325nvdVendor Advisory
www.kb.cert.org/vuls/id/219848nvdUS Government Resource
www.us-cert.gov/cas/techalerts/TA07-100A.htmlnvdUS Government Resource
research.eeye.com/html/advisories/published/AD20070410b.htmlnvd
secunia.com/advisories/24823nvd
securityreason.com/securityalert/2531nvd
www.osvdb.org/34008nvd
www.securityfocus.com/archive/1/465233/100/0/threadednvd
www.securityfocus.com/archive/1/466331/100/200/threadednvd
www.securityfocus.com/bid/23338nvd
www.securitytracker.com/idnvd
docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-021nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1524nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000