Windows CSRSS子系统SrvSetConsoleNumberOfCommand权限提升漏洞(CVE-2011-1283)(MS11-056)

BUGTRAQ ID: 48604 CVE ID: CVE-2011-1283 Microsoft Windows是微软发布的非常流行的操作系统。 Microsoft Windows CSRSS子系统的SrvSetConsoleNumberOfCommand实现上存在漏洞，本地攻击者可利用此漏洞在内核模式中执行任意代码。 此漏洞源于CSRSS子系统中的SrvSetConsoleNumberOfCommand函数中的数组索引错误，可被利用从某些内核内存位置读取数据。 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows...

CVE-2011-1283

The CVE-2011-1283 entry concerns the Windows CSRSS component in the Win32 subsystem. The vulnerability arises from an array index check flaw in SrvSetConsoleNumberOfCommand, allowing a local attacker to cause memory corruption and elevate privileges by triggering an incorrect memory assignment fo...

MS11-056: Vulnerabilities in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2507938)

The remote host allows elevation of privileges in its Windows Client/Server run-time subsystem CSRSS. An attacker could exploit these vulnerabilities to run arbitrary code in kernel mode. The attacker must have valid login credentials and be able to log on locally in order to exploit these...