CVE-2007-5352

Published: Jan 8, 2008Modified: Apr 23, 2026

7.2

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 3.9 / Impact: 10.0

Source: NVD

Description

Unspecified vulnerability in Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows local users to gain privileges via a crafted local procedure call (LPC) request.

Affected (4)

Products: Microsoft: Windows 2000, Windows 2003 Server, Windows Xp

3 products

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Microsoft Windows 2000	All versions
Microsoft Windows 2003 Server	Version sp1
Microsoft Windows 2003 Server	Version sp2
Microsoft Windows Xp	All versions

Related CWEs

CWE-264

References (20)

http://secunia.com/advisories/28341

Source: secure@microsoft.com

Patch

http://securitytracker.com/id?1019165

Source: secure@microsoft.com

http://www.kb.cert.org/vuls/id/410025

Source: secure@microsoft.com

US Government Resource

http://www.securityfocus.com/archive/1/486317/100/0/threaded

Source: secure@microsoft.com

http://www.securityfocus.com/bid/27099

Source: secure@microsoft.com

http://www.us-cert.gov/cas/techalerts/TA08-008A.html

Source: secure@microsoft.com

US Government Resource

http://www.vupen.com/english/advisories/2008/0070

Source: secure@microsoft.com

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-002

Source: secure@microsoft.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/39233

Source: secure@microsoft.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5408

Source: secure@microsoft.com

http://secunia.com/advisories/28341