PRIOn knowledge basePRION:CVE-2011-3408Privilege escalation
6.8 Medium
AI Score
Confidence
Low
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
27.0%
Csrsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka “CSRSS Local Privilege Elevation Vulnerability.”
| CPE | Name | Operator | Version |
|---|---|---|---|
| windows_7 | eq | sp1x86 | |
| windows_7 | eq | sp1x64 | |
| windows_server_2008 | eq | r2 itanium | |
| windows_server_2008 | eq | r2 x64 | |
| windows_server_2008 | eq | sp2itanium | |
| windows_xp | eq | sp2x64 |
Related
6.8 Medium
AI Score
Confidence
Low
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
27.0%