Forum Articles
  Welcome back Join CF
You are here You are here: Home | Forum | Windows Client Server Run-Time Subsystem Privilege Escalation

You are currently viewing our boards as a guest which gives you limited access to view most of the discussions, articles and other free features. By joining our Virgin Media community you will have full access to all discussions, be able to view and post threads, communicate privately with other members (PM), respond to polls, upload your own images/photos, and access many other special features. Registration is fast, simple and absolutely free so please join our community today.


Welcome to Cable Forum
Go Back   Cable Forum > Computers & IT > Security & Virus Discussion
Reload this Page Windows Client Server Run-Time Subsystem Privilege Escalation
Register FAQ Members List Calendar Mark Forums Read

Windows Client Server Run-Time Subsystem Privilege Escalation
Reply
 
Thread Tools
Old 22-12-2006, 17:21   #1
Gareth
cf.mega poster
 
Gareth's Avatar
 
Join Date: Dec 2003
Age: 50
Posts: 7,101
Gareth has a pair of shiny starsGareth has a pair of shiny starsGareth has a pair of shiny starsGareth has a pair of shiny starsGareth has a pair of shiny starsGareth has a pair of shiny stars
Gareth has a pair of shiny starsGareth has a pair of shiny starsGareth has a pair of shiny starsGareth has a pair of shiny starsGareth has a pair of shiny starsGareth has a pair of shiny starsGareth has a pair of shiny stars
Windows Client Server Run-Time Subsystem Privilege Escalation
Just for info, for those others who work in securty, here's another zero-day... I make that 4 MS-related ones so far for December

http://www.frsirt.com/english/advisories/2006/5120

Advisory ID : FrSIRT/ADV-2006-5120
CVE ID : CVE-2006-6696
Rated as : Moderate Risk
Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2006-12-22
Technical Description

A vulnerability has been identified in Microsoft Windows, which could be exploited by local attackers to obtain elevated privileges. This issue is due to a double-free error within the Windows Server Library (WINSRV.DLL) and the Client Server Run-Time Subsystem (CSRSS) when calling a MessageBox API with malformed parameters and a "MB_SERVICE_NOTIFICATION" flag set, which could allow malicious users to crash a vulnerable system or execute arbitrary commands with SYSTEM privileges.

Affected Products

Microsoft Windows Vista Home
Microsoft Windows Vista Business
Microsoft Windows Vista Enterprise
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Service Pack 1
Microsoft Windows Server 2003 Service Pack 1

Solution

The FrSIRT is not aware of any official supplied patch for this issue.
Gareth is offline   Reply With Quote
Advertisement
Reply

« Previous Thread | Next Thread »
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT +1. The time now is 21:21.

Contact Us - Service Status - Cable Forum - Archive - Privacy Statement - Terms of Service - Top

Server: osmium.zmnt.uk
Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2026, vBulletin Solutions Inc.
All Posts and Content are © Cable Forum
Copyright © 2026 Cable Forum Hosted On Hetzner Cloud