Executive Summary



This alert is flagged under the CWE/SANS Top 25 Common Weakness Enumeration.
Summary
Title: Vulnerabilities in Windows Client/Server Run
Information
Name: MS11-056
First vendor Publication: 2011-07-12
Vendor: Microsoft
Last vendor Modification: 2011-07-21
Severity (Vendor): Important
Revision: 1.1

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA
 

Security-Database Scoring CVSS v2

Cvss vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score: 7.2
Attack Range: Local
Cvss Impact Score: 10
Attack Complexity: Low
Cvss Exploit Score: 3.9
Authentication: None Required

Detail

Severity Rating: Important

Revision Note: V1.1 (July 21, 2011): Added a link to Microsoft Knowledge Base Article 2507938 under Known Issues in the Executive Summary.

Summary: This security update resolves five privately reported vulnerabilities in the Microsoft Windows Client/Server Run-time Subsystem (CSRSS). The vulnerabilities could allow elevation of privilege if an attacker logs on to a user's system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerabilities.

Original Source

Url : http://technet.microsoft.com/en-us/security/bulletin/ms11-056

CWE : Common Weakness Enumeration

% Id Name
60 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
40 % CWE-189 Numeric Errors (CWE/SANS Top 25)

OVAL Definitions

 
Oval ID: oval:org.mitre.oval:def:12362
Title: CSRSS Local EOP SrvSetConsoleNumberOfCommand Vulnerability
Description: The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 does not ensure that an unspecified array index has a non-negative value before performing read and write operations, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvSetConsoleNumberOfCommand Vulnerability."
Family: windows
Class: vulnerability
Reference(s): CVE-2011-1283
Version: 4
Platform(s): Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Vista
 
Oval ID: oval:org.mitre.oval:def:12402
Title: CSRSS Local EOP SrvSetConsoleLocalEUDC Vulnerability
Description: The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly initialize memory and consequently uses a NULL pointer in an unspecified function call, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvSetConsoleLocalEUDC Vulnerability."
Family: windows
Class: vulnerability
Reference(s): CVE-2011-1282
Version: 6
Platform(s): Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Vista, Microsoft Windows 7
 
Oval ID: oval:org.mitre.oval:def:12602
Title: CSRSS Local EOP AllocConsole Vulnerability
Description: The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly restrict the number of console objects for a process, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP AllocConsole Vulnerability."
Family: windows
Class: vulnerability
Reference(s): CVE-2011-1281
Version: 6
Platform(s): Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Vista, Microsoft Windows 7
 
Oval ID: oval:org.mitre.oval:def:12734
Title: CSRSS Local EOP SrvWriteConsoleOutput Vulnerability
Description: Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvWriteConsoleOutput Vulnerability."
Family: windows
Class: vulnerability
Reference(s): CVE-2011-1284
Version: 6
Platform(s): Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Vista, Microsoft Windows 7
 
Oval ID: oval:org.mitre.oval:def:12889
Title: CSRSS Local EOP SrvWriteConsoleOutputString Vulnerability
Description: Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvWriteConsoleOutputString Vulnerability."
Family: windows
Class: vulnerability
Reference(s): CVE-2011-1870
Version: 4
Platform(s): Microsoft Windows XP, Microsoft Windows Server 2003

CPE : Common Platform Enumeration

Type Description Count
Os 1
Os 3
Os 1
Os 8
Os 2
Os 2

OpenVAS Exploits

Date Description
2011-07-13 Name : Microsoft Windows CSRSS Privilege Escalation Vulnerabilities (2507938)
File : nvt/secpod_ms11-056.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
73796 Microsoft Windows CSRSS SrvSetConsoleLocalEUDC() Function NULL Page Data Writ...

73795 Microsoft Windows CSRSS SrvWriteConsoleOutputString() Function Local Overflow

73794 Microsoft Windows CSRSS SrvWriteConsoleOutput() Function Local Overflow

73793 Microsoft Windows CSRSS SrvSetConsoleNumberOfCommand() Function Kernel Memory...

73792 Microsoft Windows CSRSS AllocConsole() Function Multiple Console Object Orpha...

Snort® IPS/IDS

Date Description
2014-01-10 Microsoft CSRSS integer overflow attempt
RuleID : 19464 - Revision : 7 - Type : OS-WINDOWS
2014-01-10 Microsoft Windows CSRSS double free attempt
RuleID : 19463 - Revision : 10 - Type : OS-WINDOWS
2014-01-10 Microsoft Windows CSRSS negative array index code execution attempt
RuleID : 19462 - Revision : 10 - Type : OS-WINDOWS
2014-01-10 Microsoft CSRSS NULL Fontface pointer attempt
RuleID : 19461 - Revision : 13 - Type : OS-WINDOWS
2014-01-10 Microsoft Windows CSRSS multiple consoles on a single process attempt
RuleID : 19460 - Revision : 7 - Type : OS-WINDOWS

Nessus® Vulnerability Scanner

Date Description
2011-07-12 Name : Users can elevate their privileges on the remote host.
File : smb_nt_ms11-056.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2014-02-17 11:47:02
  • Multiple Updates
2014-01-19 21:30:42
  • Multiple Updates