Vulnerability Note VU#740636

Microsoft Windows CSRSS error handling vulnerability

Overview

The Microsoft Windows Client/Server Run-time Subsystem (CSRSS) process fails to properly handle error messages. This vulnerability may allow a remote attacker to execute arbitrary code.

I. Description

According to Microsoft Security Bulletin MS07-021:

    CSRSS is the user-mode portion of the Win32 subsystem. CSRSS stands for client/server run-time subsystem and is an essential subsystem that must be running at all times. CSRSS is responsible for console windows, creating and/or deleting threads.

More information is available in Microsoft Security Bulletin MS07-021. Note that proof-of-concept code is available for this vulnerability.

II. Impact

A remote attacker may be able to execute arbitrary code on a vulnerable system.

III. Solution

Apply update from Microsoft

Microsoft has released an update for this vulnerability in Microsoft Security Bulletin MS07-021.
This vulnerability was reported by Tim Garnett of Determina Security Research. This document was written by Jeff Gennari.