{"api_version":"1","generated_at":"2026-05-03T03:49:47+00:00","cve":"CVE-2007-4315","urls":{"html":"https://cve.report/CVE-2007-4315","api":"https://cve.report/api/cve/CVE-2007-4315.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2007-4315","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2007-4315"},"summary":{"title":"CVE-2007-4315","description":"The AMD ATI atidsmxx.sys 3.0.502.0 driver on Windows Vista allows local users to bypass the driver signing policy, write to arbitrary kernel memory locations, and thereby gain privileges via unspecified vectors, as demonstrated by \"Purple Pill\".","state":"PUBLISHED","assigner":"mitre","published_at":"2007-08-13 21:17:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["CWE-264","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"6.9","severity":"","vector":"AV:L/AC:M/Au:N/C:C/I:C/A:C","data":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:C/I:C/A:C","baseScore":6.9,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"http://blogs.zdnet.com/security/?p=427","name":"http://blogs.zdnet.com/security/?p=427","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Vista kernel tampering tool released, then mysteriously disappears | Zero Day | ZDNet.com","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/25265","name":"http://www.securityfocus.com/bid/25265","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"AMD ATI ATIDSMXX.SYS Driver Local Privilege Escalation Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://secunia.com/advisories/26448","name":"http://secunia.com/advisories/26448","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"AMD Catalyst Software Suite DSM Dynamic Driver Vista Kernel Protection Bypass - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://blogs.zdnet.com/security/?p=438","name":"http://blogs.zdnet.com/security/?p=438","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"» UPDATE: ATI driver flaw exposes Vista kernel to attackers | Zero Day | ZDNet.com","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2007-4315","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-4315","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2007","cve_id":"4315","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"amd","cpe5":"catalyst_driver","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"4315","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ati","cpe5":"catalyst_driver","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"4315","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_vista","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T14:53:55.183Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"26448","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/26448"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://blogs.zdnet.com/security/?p=438"},{"name":"25265","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/25265"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://blogs.zdnet.com/security/?p=427"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2007-08-10T00:00:00.000Z","descriptions":[{"lang":"en","value":"The AMD ATI atidsmxx.sys 3.0.502.0 driver on Windows Vista allows local users to bypass the driver signing policy, write to arbitrary kernel memory locations, and thereby gain privileges via unspecified vectors, as demonstrated by \"Purple Pill\"."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2007-08-22T09:00:00.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"26448","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/26448"},{"tags":["x_refsource_MISC"],"url":"http://blogs.zdnet.com/security/?p=438"},{"name":"25265","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/25265"},{"tags":["x_refsource_MISC"],"url":"http://blogs.zdnet.com/security/?p=427"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2007-4315","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The AMD ATI atidsmxx.sys 3.0.502.0 driver on Windows Vista allows local users to bypass the driver signing policy, write to arbitrary kernel memory locations, and thereby gain privileges via unspecified vectors, as demonstrated by \"Purple Pill\"."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"26448","refsource":"SECUNIA","url":"http://secunia.com/advisories/26448"},{"name":"http://blogs.zdnet.com/security/?p=438","refsource":"MISC","url":"http://blogs.zdnet.com/security/?p=438"},{"name":"25265","refsource":"BID","url":"http://www.securityfocus.com/bid/25265"},{"name":"http://blogs.zdnet.com/security/?p=427","refsource":"MISC","url":"http://blogs.zdnet.com/security/?p=427"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2007-4315","datePublished":"2007-08-13T21:00:00.000Z","dateReserved":"2007-08-13T00:00:00.000Z","dateUpdated":"2024-08-07T14:53:55.183Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2007-08-13 21:17:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["CWE-264","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:C/I:C/A:C","baseScore":6.9,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.4,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":true,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:amd:catalyst_driver:*:*:*:*:*:*:*:*","matchCriteriaId":"9AC4E5D1-DA07-4907-8AC7-05764322C414"},{"vulnerable":true,"criteria":"cpe:2.3:a:ati:catalyst_driver:*:*:*:*:*:*:*:*","matchCriteriaId":"62E822DD-6123-4CD8-9FE4-BC8A91D94F80"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*","matchCriteriaId":"3852BB02-47A1-40B3-8E32-8D8891A53114"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2007","CveId":"4315","Ordinal":"1","Title":"CVE-2007-4315","CVE":"CVE-2007-4315","Year":"2007"},"notes":[{"CveYear":"2007","CveId":"4315","Ordinal":"1","NoteData":"The AMD ATI atidsmxx.sys 3.0.502.0 driver on Windows Vista allows local users to bypass the driver signing policy, write to arbitrary kernel memory locations, and thereby gain privileges via unspecified vectors, as demonstrated by \"Purple Pill\".","Type":"Description","Title":"CVE-2007-4315"},{"CveYear":"2007","CveId":"4315","Ordinal":"2","NoteData":"2007-08-13","Type":"Other","Title":"Published"},{"CveYear":"2007","CveId":"4315","Ordinal":"3","NoteData":"2007-08-22","Type":"Other","Title":"Modified"}]}}}