20 matches found
CVE-2011-1967
Winsrv.dll in the Client/Server Run-time Subsystem aka CSRSS in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process...
Design/Logic Flaw
Winsrv.dll in the Client/Server Run-time Subsystem aka CSRSS in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process...
CVE-2011-1967
CVE-2011-1967 affects the Windows Client/Server Run-time Subsystem (CSRSS) via the Winsrv.dll component. The root cause is improper permission checks when a lower‑integrity process sends inter‑process device‑event messages to a higher‑integrity CSRSS, enabling local privilege escalation. Affected...
CVE-2011-1967
Winsrv.dll in the Client/Server Run-time Subsystem aka CSRSS in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process...
Microsoft Windows CSRSS "SrvGetConsoleTitle()"本地类型转换安全漏洞
BUGTRAQ ID: 49013 Microsoft Windows是微软发布的非常流行的操作系统。 Microsoft Windows CSRSS子系统在SrvGetConsoleTitle的实现上存在本地模式化安全漏洞,本地攻击者可利用此漏洞造成拒绝服务或获取敏感信息。 此漏洞源于在执行某些尺寸检查时,CSRSS中的"SrvGetConsoleTitle"函数winsrv.dll存在类型转换错误。这可导致泄漏某些CSRSS内存或引用无效内存,造成内核崩溃。 Microsoft Windows XP 厂商补丁: Microsoft ---------...
MS11-056: Vulnerabilities in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2507938)
The remote host allows elevation of privileges in its Windows Client/Server run-time subsystem CSRSS. An attacker could exploit these vulnerabilities to run arbitrary code in kernel mode. The attacker must have valid login credentials and be able to log on locally in order to exploit these...
MS10-069: Vulnerability in Windows Client/Server Runtime Subsystem Could Allow Elevation of Privilege (2121546)
The remote host allows elevation of privileges in its Windows Client/Server run-time subsystem CSRSS because of the way CSRSS assigns memory-specific user transactions. An attacker might exploit this to run arbitrary code in the security context of the local system. C Tenable Network Security, In...
Microsoft Windows Csrss HardError 消息多个安全漏洞
Microsoft Windows是一款流行的操作系统。 Microsoft Windows处理特殊参数的部分API调用时存在问题,本地攻击者可以利用漏洞获得敏感信息或对系统进行拒绝服务攻击。 Microsoft Windows的WINSRV.DLL在处理HardError消息时存在两次释放错误。攻击者如果把MessageBox函数的caption或text参数设置为以“??\”开始的字符串,那么畸形的参数会触发内核内存破坏,导致系统崩溃。 另外CSRSS.exe没有正确的验证由NtRaiseHardError传送的参数,可允许攻击者浏览CSRSS进程内存的内容,导致敏感信息泄露。...
Exploits Microsoft Windows NtRaiseHardError Csrss.exe-winsrv.dll Double Free
No description provided by source. ///////////////////////////////////////// ///////////////////////////////////////// ///// Microsoft Windows NtRaiseHardError ///// Csrss.exe-winsrv.dll Double Free ///////////////////////////////////////// ///// Ruben Santamarta ///// ruben at reversemode dot co...
MS Windows NtRaiseHardError Csrss.exe-winsrv.dll Double Free
No description provided by source. ///////////////////////////////////////// ///////////////////////////////////////// ///// Microsoft Windows NtRaiseHardError ///// Csrss.exe-winsrv.dll Double Free ///////////////////////////////////////// ///// Ruben Santamarta ///// ruben at reversemode dot co...
MS Windows NtRaiseHardError Csrss.exe-winsrv.dll Double Free
Exploit for unknown platform in category dos / poc ============================================================ MS Windows NtRaiseHardError Csrss.exe-winsrv.dll Double Free ============================================================ /////////////////////////////////////////...
csrss.exe double-free vulnerability - arbitrary DWORD overwrite exploit
Hi, For those researchers who are interested in the Csrss Double-Free vulnerability, I have coded an arbitrary DWORD overwrite exploit. This flaw is hard to exploit at least for me due to the the "fail-and-die" situation. Corrupting the heap in a process like Csrss is dangerous. However, by...
Microsoft Windows - Csrss.exewinsrv.dll NtRaiseHardError Double-Free
Microsoft Windows - Csrss.exewinsrv.dll NtRaiseHardError Double-Free ///////////////////////////////////////// ///////////////////////////////////////// ///// Microsoft Windows NtRaiseHardError ///// Csrss.exe-winsrv.dll Double Free ///////////////////////////////////////// ///// Ruben Santamarta...
Microsoft Windows - 'Csrss.exe/winsrv.dll' NtRaiseHardError Double-Free
///////////////////////////////////////// ///////////////////////////////////////// ///// Microsoft Windows NtRaiseHardError ///// Csrss.exe-winsrv.dll Double Free ///////////////////////////////////////// ///// Ruben Santamarta ///// ruben at reversemode dot com ///// www.reversemode.com...
CVE-2006-6696
Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MBSERVICENOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem CSRSS process, which ...
CVE-2006-6696
CVE-2006-6696 is a CSRSS vulnerability in Windows where improper handling of a MessageBox call with MB_SERVICE_NOTIFICATION can send a crafted HardError to CSRSS, enabling remote code execution. Public details indicate the issue affects multiple Windows versions (Windows 2000, XP, Server 2003, Vi...
CVE-2005-0551
Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System CSRSS process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long...
CVE-2005-0551
CVE-2005-0551 corresponds to a local privilege-elevation vulnerability in CSRSS (Client Server Runtime Subsystem) via WINSRV.DLL handling a console window FaceName string. A stack-based buffer overflow in CONSOLE_STATE_INFO (FaceName[32]) can be triggered by a crafted console window, enabling a l...
CVE-2005-0551
Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System CSRSS process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long...
iDEFENSE Security Advisory 04.12.05: Microsoft Windows CSRSS.EXE Stack Overflow Vulnerability
Microsoft Windows CSRSS.EXE Stack Overflow Vulnerability iDEFENSE Security Advisory 04.12.05 www.idefense.com/application/poi/display?id=230&type=vulnerabilities April 12, 2005 I. BACKGROUND The Win32 application-programming interface API offers a console windows feature that provides a means to...