Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
certCERTVU:219848
HistoryApr 10, 2007 - 12:00 a.m.

Microsoft Windows Vista CSRSS privilege escalation vulnerability

2007-04-1000:00:00
www.kb.cert.org
17

0.001 Low

EPSS

Percentile

20.7%

JSON

Overview

The Microsoft Windows Client/Server Run-time Subsystem (CSRSS) process fails to properly handle error messages. This vulnerability may allow an attacker to execute arbitrary code.

Description

The Microsoft Client/Server Run-time Subsystem (CSRSS) is an essential subsystem. CSRSS is responsible for console windows and creating and deleting threads.

According to Microsoft Security Bulletin MS07-021:

A privilege elevation vulnerability exists in the way that the Windows 32 Client/Server Run-time Subsystem (CSRSS) handles its connections during the startup and stopping of processes.

Impact

A local authenticated attacker may be able to gain elevated privileges.

Solution

Apply update from Microsoft

Microsoft has released an update for this vulnerability in Microsoft Security Bulletin MS07-021.

Vendor Information

219848

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Microsoft Corporation __ Affected

Updated: April 10, 2007

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

See <http://www.microsoft.com/technet/security/bulletin/ms07-021.mspx&gt; for more details.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23219848 Feedback>).

CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

<http://www.microsoft.com/technet/security/bulletin/ms07-021.mspx&gt;

Acknowledgements

Thanks to Microsoft for information that was used in this report. Microsoft credits eEye for reporting this vulnerability.

This document was written by Ryan Giobbi.

Other Information

CVE IDs: CVE-2007-1209
Severity Metric: 0.08 Date Public:

Related

prion 1
cvelist 1
cve 1
openvas 2
securityvulns 2
nessus 1
prion
prion
Design/Logic Flaw
2007-04-10 21:19:00
cvelist
cvelist
CVE-2007-1209
2007-04-10 21:00:00
cve
cve
CVE-2007-1209
2007-04-10 21:19:00
openvas
openvas
Microsoft Windows CSRSS CSRFinalizeContext Local Privilege Escalation Vulnerability (930178)
2011-01-14 00:00:00
Microsoft Windows CSRSS CSRFinalizeContext Local Privilege Escalation Vulnerability (930178)
2011-01-14 00:00:00
securityvulns
securityvulns
Microsoft Windows memory corruption
2007-04-11 00:00:00
Microsoft Security Bulletin MS07-021 Vulnerabilities in CSRSS Could Allow Remote Code Execution &#40;930178&#41;
2007-04-11 00:00:00
nessus
nessus
MS07-021: Vulnerabilities in CSRSS Could Allow Remote Code Execution (930178)
2007-04-10 00:00:00

0.001 Low

EPSS

Percentile

20.7%

JSON
Related for VU:219848
prion1cvelist1cve1openvas2securityvulns2nessus1