Just for info, for those others who work in security, here's another zero-day... I make that 4 MS-related ones so far for December
http://www.frsirt.com/english/advisories/2006/5120
Advisory ID : FrSIRT/ADV-2006-5120
CVE ID : CVE-2006-6696
Rated as : Moderate Risk
Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2006-12-22
Technical Description
A vulnerability has been identified in Microsoft Windows, which could be exploited by local attackers to obtain elevated privileges. This issue is due to a double-free error within the Windows Server Library (WINSRV.DLL) and the Client Server Run-Time Subsystem (CSRSS) when calling a MessageBox API with malformed parameters and a "MB_SERVICE_NOTIFICATION" flag set, which could allow malicious users to crash a vulnerable system or execute arbitrary commands with SYSTEM privileges.
Affected Products
Microsoft Windows Vista Home
Microsoft Windows Vista Business
Microsoft Windows Vista Enterprise
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Service Pack 1
Microsoft Windows Server 2003 Service Pack 1
Solution
The FrSIRT is not aware of any official supplied patch for this issue.