Executive Summary
| Summary | |
|---|---|
| Title | Vulnerability in Windows Client/Server Run |
| Informations | |||
|---|---|---|---|
| Name | MS11-010 | First vendor Publication | 2011-02-08 |
| Vendor | Microsoft | Last vendor Modification | 2011-02-08 |
| Severity (Vendor) | Important | Revision | 1.0 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:M/Au:N/C:C/I:N/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 4.7 | Attack Range | Local |
| Cvss Impact Score | 6.9 | Attack Complexity | Medium |
| Cvss Expoit Score | 3.4 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Revision Note: V1.0 (February 8, 2011): Bulletin publishedSummary: This security update resolves a privately reported vulnerability in the Microsoft Windows Client/Server Run-time Subsystem (CSRSS) in Windows XP and Windows Server 2003. This security update is rated Important for all supported editions of these operating systems. For more information, see the subsection, Affected and Non-Affected Software, in this section. The vulnerability could allow elevation of privilege if an attacker logs on to a user's system and starts a specially crafted application that continues running after the attacker logs off in order to obtain the logon credentials of subsequent users. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users. |
Original Source
| Url : http://www.microsoft.com/technet/security/bulletin/MS11-010.mspx |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:12476 | |||
| Oval ID: | oval:org.mitre.oval:def:12476 | ||
| Title: | CSRSS Elevation of Privilege Vulnerability | ||
| Description: | The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Elevation of Privilege Vulnerability," a different vulnerability than CVE-2010-0023. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0030 | Version: | 4 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Os | 3 | |
| Os | 2 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2011-02-09 | Name : Windows Client/Server Run-time Subsystem Privilege Elevation Vulnerability (2... File : nvt/secpod_ms11-010.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 70826 | Microsoft Windows CSRSS Logoff Process Termination Local Information Disclosure Microsoft Windows contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when the Client/Server Run-time Subsystem improperly terminates a process when a user logs off, allowing a local attacker to run a program which monitors user actions, disclosing potentially sensitive information from subsequent users, including logon credentials. |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2015-07-13 | Microsoft Windows WM_SYSTIMER null pWnd attempt RuleID : 34793 - Revision : 3 - Type : OS-WINDOWS |
| 2015-07-13 | Microsoft Windows WM_SYSTIMER null pWnd attempt RuleID : 34792 - Revision : 3 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft Windows CRSS local process allowed to persist through logon or logo... RuleID : 18400 - Revision : 9 - Type : OS-WINDOWS |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2011-02-08 | Name : Users can elevate their privileges on the remote host. File : smb_nt_ms11-010.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2015-07-13 21:27:03 |
|
| 2014-02-17 11:46:52 |
|
| 2014-01-19 21:30:36 |
|
| 2013-02-14 17:19:59 |
|
