CVE-2011-1870

2011-07-1323:55:00

CWE-189

[email protected]

web.nvd.nist.gov

integer overflow

csrss

win32 subsystem

microsoft windows xp

windows server 2003

privilege escalation

memory corruption

cve-2011-1870

6.7 Medium

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

12.9%

JSON

Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka “CSRSS Local EOP SrvWriteConsoleOutputString Vulnerability.”

CPENameOperatorVersion
microsoft:windows_xpmicrosoft windows xpeq-
microsoft:windows_xpmicrosoft windows xpeq*
microsoft:windows_server_2003microsoft windows server 2003eq*
microsoft:windows_2003_servermicrosoft windows 2003 servereq*

CPE	Name	Operator	Version
microsoft:windows_xp	microsoft windows xp	eq	-
microsoft:windows_xp	microsoft windows xp	eq	*
microsoft:windows_server_2003	microsoft windows server 2003	eq	*
microsoft:windows_2003_server	microsoft windows 2003 server	eq	*