Security Advisory SA45174 - Microsoft Windows CSRSS Multiple Privilege Escalation Vulnerabilities

Overview

Advisories

Research

Forums

Create Profile

Our Commitment

Database

Advisories by Product

Advisories by Vendor

Terminology

Report Vulnerability

Insecure Library Loading

Secunia Advisory SA45174

Microsoft Windows CSRSS Multiple Privilege Escalation Vulnerabilities

Secunia Advisory

SA45174

Release Date

2011-07-12

Last Update

2011-07-22

Popularity

2,657 views

Comments

0 comments

Criticality level

Less critical

Impact

Privilege escalation

Where

Local system

Authentication level

This information is available to Secunia VIM customers

Report reliability

This information is available to Secunia VIM customers

Solution Status

Vendor Patch

Systems affected

This information is available to Secunia VIM customers

Approve distribution

This information is available to Secunia VIM customers

Remediation status

Secunia CSI, Secunia PSI

Automated scanning

Secunia CSI, Secunia PSI

Operating System

Microsoft Windows 7

Microsoft Windows Server 2003 Datacenter Edition

Microsoft Windows Server 2003 Enterprise Edition

Microsoft Windows Server 2003 Standard Edition

Microsoft Windows Server 2003 Web Edition

Microsoft Windows Server 2008

Microsoft Windows Storage Server 2003

Microsoft Windows Vista

Microsoft Windows XP Home Edition

Microsoft Windows XP Professional

Secunia CVSS Score

This information is available to Secunia VIM Customers

CVE Reference(s)

CVE-2011-1281 CVSS score available to Secunia VIM customers
CVE-2011-1282 CVSS score available to Secunia VIM customers
CVE-2011-1283 CVSS score available to Secunia VIM customers
CVE-2011-1284 CVSS score available to Secunia VIM customers
CVE-2011-1870 CVSS score available to Secunia VIM customers

Description

Multiple vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges.

1) An error in the "AllocConsole()" function within the Client/Server Run-time Subsystem (CSRSS) when multiple console objects are associated with a process can be exploited to cause a new process to obtain an orphaned object after the original process terminates.

2) An input validation error in the "SrvSetConsoleLocalEUDC()" function within the Client/Server Run-time Subsystem (CSRSS) can be exploited to write certain data into a NULL page.

3) An array-indexing error in the "SrvSetConsoleNumberOfCommand()" function within the Client/Server Run-time Subsystem (CSRSS) can be exploited to read data from certain kernel memory locations.

4) An integer overflow error in the "SrvWriteConsoleOutput()" function within the Client/Server Run-time Subsystem (CSRSS) can be exploited to corrupt memory.

5) An integer overflow error in the "SrvWriteConsoleOutputString()" function within the Client/Server Run-time Subsystem (CSRSS) can be exploited to corrupt memory.

Solution
Apply patches.
Further details available to Secunia VIM customers

Provided and/or discovered by
Matthew 'j00ru' Jurczyk

Changelog
Further details available to Secunia VIM customers

Original Advisory
MS11-056 (KB2507938):
http://www.microsoft.com/technet/security/Bulletin/MS11-056.mspx

j00ru:
http://j00ru.vexillium.org/?p=893

Other references
Further details available to Secunia VIM customers

Deep Links
Links available to Secunia VIM customers

Do you have additional information related to this advisory?

Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com

Subject: Microsoft Windows CSRSS Multiple Privilege Escalation Vulnerabilities

No posts yet

Secunia Advisory SA45174

Microsoft Windows CSRSS Multiple Privilege Escalation Vulnerabilities

Do you have additional information related to this advisory?

You must be logged in to post a comment.

Secunia Customer Login

Not a customer already?