Vulnerability Note VU#768440

Microsoft Windows Services for UNIX privilege escalation vulnerability

Original Release date: 12 Sep 2007 | Last revised: 12 Sep 2007


Microsoft Windows Services for UNIX contains a vulnerability that may allow a local, authenticated attacker to gain elevated privileges.


Windows Services for UNIX fails to properly handle setuid binary files. An attacker may be able to trigger this vulnerability by running a specially crafted setuid binary file.

For more information, please see Microsoft Security Bulletin MS07-053.


A local, authenticated attacker may be able to gain elevated privileges on a vulnerable system.


Microsoft has released updates in Microsoft Security Bulletin MS07-053 to address this issue.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Microsoft CorporationAffected-12 Sep 2007
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A



This vulnerability was reported in Microsoft Security Bulletin MS07-053. Microsoft thanks Brian Reiter of WolfeReiter for reporting the vulnerability to them.

This document was written by Katie Steiner.

Other Information

  • CVE IDs: CVE-2007-3036
  • Date Public: 11 Sep 2007
  • Date First Published: 12 Sep 2007
  • Date Last Updated: 12 Sep 2007
  • Severity Metric: 0.37
  • Document Revision: 10


If you have feedback, comments, or additional information about this vulnerability, please send us email.