Executive Summary
Summary | |
---|---|
Title | Vulnerabilities in CSRSS Could Allow Remote Code Execution (930178) |
Information | |||
---|---|---|---|
Name | MS07-021 | First vendor Publication | 2007-04-10 |
Vendor | Microsoft | Last vendor Modification | 2007-04-10 |
Severity (Vendor) | Critical | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact Subscore | NA | Temporal Score | NA |
Exploitability Subscore | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.2 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 3.9 | Authentication | None Required |
Detail
This update resolves several newly discovered, privately and publicly disclosed vulnerabilities. Each vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We recommend that customers apply the update immediately.
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-399 | Resource Management Errors |
50 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:1524 | |||
Oval ID: | oval:org.mitre.oval:def:1524 | ||
Title: | CSRSS Local Elevation of Privilege Vulnerability | ||
Description: | Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort connections, which leaves a "dangling pointer" to a process data structure. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2007-1209 | Version: | 5 |
Platform(s): | Microsoft Windows Vista | Product(s): | |
Definition Id: oval:org.mitre.oval:def:1816 | |||
Oval ID: | oval:org.mitre.oval:def:1816 | ||
Title: | MsgBox (CSRSS) Remote Code Execution Vulnerability | ||
Description: | Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2006-6696 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | |
Definition Id: oval:org.mitre.oval:def:2013 | |||
Oval ID: | oval:org.mitre.oval:def:2013 | ||
Title: | CSRSS DoS Vulnerability | ||
Description: | The Client Server Run-Time Subsystem (CSRSS) in Microsoft Windows allows local users to cause a denial of service (crash) or read arbitrary memory from csrss.exe via crafted arguments to the NtRaiseHardError function with status 0x50000018, a different vulnerability than CVE-2006-6696. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2006-6797 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2011-01-14 | Name : Microsoft Windows CSRSS CSRFinalizeContext Local Privilege Escalation Vulnera... File : nvt/gb_ms07-021.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
34008 | Microsoft Windows Vista CSRSS Local Privilege Escalation Microsoft Windows Vista contains a flaw that may allow a malicious local user to gain access to unauthorized privileges and execute arbitrary code with SYSTEM privileges. The issue is triggered due to incorrect handling of system resources by the Client/Server Run-Time Subsystem (CSRSS) at the starting and stopping of a process. This flaw may lead to a loss of integrity and a complete compromise of the affected system. |
31897 | Microsoft Windows CSRSS NtRaiseHardError Function Arbitrary Memory Disclosure |
31659 | Microsoft Windows CSRSS MessageBox Function Privilege Escalation |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Windows .NET Deploy file download request RuleID : 17510 - Revision : 19 - Type : FILE-IDENTIFY |
2014-01-10 | Microsoft Windows .NET Manifest file download request RuleID : 17509 - Revision : 17 - Type : FILE-IDENTIFY |
2014-01-10 | Microsoft Windows .NET Application file download request RuleID : 17508 - Revision : 20 - Type : FILE-IDENTIFY |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2007-04-10 | Name : Arbitrary code can be executed on the remote host through the web browser. File : smb_nt_ms07-021.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:45:39 |
|
2013-05-11 12:21:59 |
|