MS07-032: Vulnerability in Windows Vista Could Allow Information Disclosure (931213)

High Nessus Plugin ID 25485


A local user can access sensitive information.


The remote host is running a version of Windows with a bug in the User Information Store ACLs that may allow a local attacker to access privileged information in the registry or on the disk.


Microsoft has released a set of patches for Windows Vista.

See Also

Plugin Details

Severity: High

ID: 25485

File Name: smb_nt_ms07-032.nasl

Version: $Revision: 1.26 $

Type: local

Agent: windows

Published: 2007/06/12

Modified: 2017/08/10

Dependencies: 13855, 57033

Risk Information

Risk Factor: High


Base Score: 7.2

Temporal Score: 6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2007/06/12

Vulnerability Publication Date: 2007/06/12

Reference Information

CVE: CVE-2007-2229

BID: 24411

OSVDB: 35344

MSFT: MS07-032

MSKB: 931213

CWE: 264