Windows CSRSS子系统SrvWriteConsoleOutputString权限提升漏洞(CVE-2011-1870)(MS11-056)

2011-07-14T00:00:00
ID SSV:20722
Type seebug
Reporter Root
Modified 2011-07-14T00:00:00

Description

BUGTRAQ ID: 48605 CVE ID: CVE-2011-1870

Microsoft Windows是微软发布的非常流行的操作系统。

Microsoft Windows CSRSS子系统SrvWriteConsoleOutputString实现上存在漏洞,本地攻击者可利用此漏洞在内核模式中执行任意代码。

此漏洞源于CSRSS子系统中的SrvWriteConsoleOutputString存在整数溢出漏洞,可造成内存破坏。

Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2003 Microsoft Windows 7 厂商补丁:

Microsoft

Microsoft已经为此发布了一个安全公告(MS11-056)以及相应补丁:

MS11-056:Vulnerabilities in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2507938)

链接:http://www.microsoft.com/technet/security/bulletin/MS11-056.asp