Executive Summary
Informations | |||
---|---|---|---|
Name | MS05-018 | First vendor Publication | N/A |
Vendor | Microsoft | Last vendor Modification | 2008-12-09 |
Severity (Vendor) | Important | Revision | 1.1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Revision Note: V1.1 (December 9, 2008): Bulletin updated to add an entry in the section, Frequently asked questions (FAQ) related to this security update, about the removal of the Windows Server 2003 package. Customers who have already successfully applied this update need not take any action.Summary: This update resolves several newly-discovered, privately-reported vulnerabilities. Each vulnerability is documented in this bulletin in its own ?Vulnerability Details? section of this bulletin. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We recommend that customers apply the update at the earliest opportunity. |
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/MS05-018.mspx |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:1271 | |||
Oval ID: | oval:org.mitre.oval:def:1271 | ||
Title: | Server 2003 Object Management Vulnerability | ||
Description: | Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to cause a denial of service (i.e., system crash) via a malformed request, aka "Object Management Vulnerability". | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-0550 | Version: | 1 |
Platform(s): | Microsoft Windows Server 2003 | Product(s): | Windows kernel |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:1656 | |||
Oval ID: | oval:org.mitre.oval:def:1656 | ||
Title: | Windows XP,SP2 Access Requests Privilege Escalation Vulnerability | ||
Description: | The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via certain access requests. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-0061 | Version: | 5 |
Platform(s): | Microsoft Windows XP | Product(s): | Windows kernel |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1761 | |||
Oval ID: | oval:org.mitre.oval:def:1761 | ||
Title: | Server 2003 Access Requests Privilege Escalation Vulnerability | ||
Description: | The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via certain access requests. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-0061 | Version: | 1 |
Platform(s): | Microsoft Windows Server 2003 | Product(s): | Windows kernel |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:1822 | |||
Oval ID: | oval:org.mitre.oval:def:1822 | ||
Title: | Server 2003 CSRSS Privilege Escalation Vulnerability | ||
Description: | Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-0551 | Version: | 1 |
Platform(s): | Microsoft Windows Server 2003 | Product(s): | Client Server Runtime System (CSRSS) |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:2043 | |||
Oval ID: | oval:org.mitre.oval:def:2043 | ||
Title: | Windows XP,SP2 Object Management Vulnerability | ||
Description: | Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to cause a denial of service (i.e., system crash) via a malformed request, aka "Object Management Vulnerability". | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-0550 | Version: | 5 |
Platform(s): | Microsoft Windows XP | Product(s): | Windows kernel |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:2562 | |||
Oval ID: | oval:org.mitre.oval:def:2562 | ||
Title: | Windows 2000 Font Buffer Overflow | ||
Description: | Buffer overflow in the font processing component of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-0060 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Windows kernel |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:266 | |||
Oval ID: | oval:org.mitre.oval:def:266 | ||
Title: | Windows XP (SP2) CSRSS Privilege Escalation Vulnerability | ||
Description: | Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-0551 | Version: | 5 |
Platform(s): | Microsoft Windows XP | Product(s): | Client Server Runtime System (CSRSS) |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:2731 | |||
Oval ID: | oval:org.mitre.oval:def:2731 | ||
Title: | Server 2003 Font Buffer Overflow | ||
Description: | Buffer overflow in the font processing component of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-0060 | Version: | 1 |
Platform(s): | Microsoft Windows Server 2003 | Product(s): | Windows kernel |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:3544 | |||
Oval ID: | oval:org.mitre.oval:def:3544 | ||
Title: | Windows XP CSRSS Privilege Escalation Vulnerability | ||
Description: | Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-0551 | Version: | 6 |
Platform(s): | Microsoft Windows XP | Product(s): | Client Server Runtime System (CSRSS) |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:3994 | |||
Oval ID: | oval:org.mitre.oval:def:3994 | ||
Title: | Windows XP Access Requests Privilege Escalation Vulnerability | ||
Description: | The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via certain access requests. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-0061 | Version: | 6 |
Platform(s): | Microsoft Windows XP | Product(s): | Windows kernel |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:4397 | |||
Oval ID: | oval:org.mitre.oval:def:4397 | ||
Title: | Windows XP Object Management Vulnerability | ||
Description: | Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to cause a denial of service (i.e., system crash) via a malformed request, aka "Object Management Vulnerability". | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-0550 | Version: | 6 |
Platform(s): | Microsoft Windows XP | Product(s): | Windows kernel |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:4593 | |||
Oval ID: | oval:org.mitre.oval:def:4593 | ||
Title: | Windows 2000 Access Requests Privilege Escalation Vulnerability | ||
Description: | The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via certain access requests. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-0061 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Windows kernel |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:4797 | |||
Oval ID: | oval:org.mitre.oval:def:4797 | ||
Title: | Windows XP Font Buffer Overflow (SP1) | ||
Description: | Buffer overflow in the font processing component of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-0060 | Version: | 6 |
Platform(s): | Microsoft Windows XP | Product(s): | Windows kernel |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:4832 | |||
Oval ID: | oval:org.mitre.oval:def:4832 | ||
Title: | Windows 2000 Object Management Vulnerability | ||
Description: | Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to cause a denial of service (i.e., system crash) via a malformed request, aka "Object Management Vulnerability". | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-0550 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Windows kernel |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:777 | |||
Oval ID: | oval:org.mitre.oval:def:777 | ||
Title: | Windows 2000 CSRSS Privilege Escalation Vulnerability | ||
Description: | Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-0551 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Client Server Runtime System (CSRSS) |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2005-09-06 | MS Windows CSRSS Local Privilege Escalation Exploit (MS05-018) |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
15462 | Microsoft Windows CSRSS Local Overflow A local overflow exists in Windows. WINSVR.DLL fails to validate values within the CONSOLE_STATE_INFO struct resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity. |
15461 | Microsoft Windows Object Management Malformed Request DoS A local overflow exists in Windows. The Object Management component fails to validate requests resulting in a buffer overflow. With a specially crafted request, an attacker can cause the system to stop responding and automatically restart resulting in a loss of availability. |
15460 | Microsoft Windows Kernel Access Request Local Privilege Escalation Windows contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a program is run which exploits the way in which the Windows kernel handles certain requests. This flaw may lead to a loss of integrity. |
15459 | Microsoft Windows Font Processing Local Privilege Escalation A local overflow exists in Windows. The kernel fails to validate certain kinds of fonts resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code to execute with kernel privileges resulting in a loss of integrity. |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2005-01-19 | IAVM : 2005-A-0001 - Multiple Vulnerabilities in Microsoft Windows Severity : Category I - VMSKEY : V0005996 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2005-04-12 | Name : A local user can elevate his privileges on the remote host. File : smb_nt_ms05-018.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:45:09 |
|
2013-11-11 12:41:03 |
|