Информационная безопасность
[RU] switch to English


Повреждение памяти в Microsoft Windows (memory corruption)
дополнено с 16 декабря 2006 г.
Опубликовано:11 апреля 2007 г.
Источник:
SecurityVulns ID:6944
Тип:библиотека
Уровень опасности:
7/10
Описание:Повреждение памяти CSRSS при выводе на экран сообщения MessageBox с параметром MB_SERVICE_NOTIFICATION, начинающегося на "\??\"
Затронутые продукты:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
CVE:CVE-2007-1209 (Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort connections, which leaves a "dangling pointer" to a process data structure.)
 CVE-2006-6797 (The Client Server Run-Time Subsystem (CSRSS) in Microsoft Windows allows local users to cause a denial of service (crash) or read arbitrary memory from csrss.exe via crafted arguments to the NtRaiseHardError function with status 0x50000018, a different vulnerability than CVE-2006-6696.)
 CVE-2006-6696 (Double-free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL.)
Оригинальный текстdocumentEEYE, EEYE: Windows Vista CSRSS Dangling Process Pointer Privilege Escalation (11.04.2007)
 documentMICROSOFT, Microsoft Security Bulletin MS07-021 Vulnerabilities in CSRSS Could Allow Remote Code Execution (930178) (11.04.2007)
 documentReversemode, csrss.exe double-free vulnerability - arbitrary DWORD overwrite exploit (31.12.2006)
 document3APA3A, Microsoft Windows csrss (?) memory corruption exploited in-the-wild (16.12.2006)
 documentwins mallow, ms ;) (16.12.2006)
Файлы:exploit NtRaiseHardError privesc and load dll into csrss
 Microsoft MessageBox memory corruption PoC
 Exploits Microsoft Windows NtRaiseHardError Csrss.exe-winsrv.dll Double Free
 Microsoft Security Bulletin MS07-021 Vulnerabilities in CSRSS Could Allow Remote Code Execution (930178)
 Убийственный MessageBox от Мелкомягких
 Windows CSRSS HardError Message Box Vulnerability

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород