Microsoft Windows CSRSS HardError Message Box (MS07-021; CVE-2006-6696)

The Microsoft Windows operating system is one of the most popular systems in use on workstations, home computers, and servers. The operating system is split into several subsystems one of which is the user space subsystem called the Client/Server Runtime Server Subsystem CSRSS. The CSRSS contains...

Microsoft Windows CSRSS HardError消息拒绝服务漏洞

Microsoft Windows是一款商业性质的操作系统。 Microsoft Windows客户端/服务端实时子系统处理错误消息存在问题，远程攻击者可以利用漏洞对应用程序进行拒绝服务攻击。 攻击者通过构建特殊的应用程序来触发此漏洞，可导致对应用程序进行拒绝服务攻击。目前没有详细漏洞细节提供。 Microsoft Windows XP Tablet PC Edition SP2 Microsoft Windows XP Tablet PC Edition SP1 Microsoft Windows XP Tablet PC Edition Microsoft Windows XP...

Microsoft Windows Csrss HardError 消息多个安全漏洞

Microsoft Windows是一款流行的操作系统。 Microsoft Windows处理特殊参数的部分API调用时存在问题，本地攻击者可以利用漏洞获得敏感信息或对系统进行拒绝服务攻击。 Microsoft Windows的WINSRV.DLL在处理HardError消息时存在两次释放错误。攻击者如果把MessageBox函数的caption或text参数设置为以“??\”开始的字符串，那么畸形的参数会触发内核内存破坏，导致系统崩溃。 另外CSRSS.exe没有正确的验证由NtRaiseHardError传送的参数，可允许攻击者浏览CSRSS进程内存的内容，导致敏感信息泄露。...

CVE-2006-6696

CVE-2006-6696 is a CSRSS vulnerability in Windows where improper handling of a MessageBox call with MB_SERVICE_NOTIFICATION can send a crafted HardError to CSRSS, enabling remote code execution. Public details indicate the issue affects multiple Windows versions (Windows 2000, XP, Server 2003, Vi...

Microsoft Windows CSRSS HardError Messages Denial of Service Vulnerability

Description Microsoft Windows is prone to a local denial-of-service vulnerability because the operating system fails to handle certain API calls with unexpected parameters. A local unprivileged attacker may exploit this issue by executing a malicious application. Successful exploits will allow...