Vulnerability Note VU#740636

Microsoft Windows CSRSS error handling vulnerability

Original Release date: 11 Apr 2007 | Last revised: 11 Apr 2007

Overview

The Microsoft Windows Client/Server Run-time Subsystem (CSRSS) process fails to properly handle error messages. This vulnerability may allow a remote attacker to execute arbitrary code.

Description

According to Microsoft Security Bulletin MS07-021:

    CSRSS is the user-mode portion of the Win32 subsystem. CSRSS stands for client/server run-time subsystem and is an essential subsystem that must be running at all times. CSRSS is responsible for console windows, creating and/or deleting threads.

The CSRSS process fails to properly handle error messages possibly allowing a double free vulnerability to occur.

More information is available in Microsoft Security Bulletin MS07-021.

Note that proof-of-concept code is available for this vulnerability.

Impact

A remote attacker may be able to execute arbitrary code on a vulnerable system.

Solution

Apply update from Microsoft
Microsoft has released an update for this vulnerability in Microsoft Security Bulletin MS07-021.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Microsoft CorporationAffected-10 Apr 2007
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

This vulnerability was reported by Tim Garnett of Determina Security Research .

This document was written by Jeff Gennari.

Other Information

  • CVE IDs: CVE-2006-6797
  • Date Public: 15 Dec 2006
  • Date First Published: 11 Apr 2007
  • Date Last Updated: 11 Apr 2007
  • Severity Metric: 7.44
  • Document Revision: 12

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.