The Microsoft Windows Client/Server Run-time Subsystem (CSRSS) process fails to properly handle error messages. This vulnerability may allow an attacker to execute arbitrary code.
The Microsoft Client/Server Run-time Subsystem (CSRSS) is an essential Windows subsystem. CSRSS is responsible for console windows and for creating and deleting threads.
According to Microsoft Security Bulletin MS07-021:
A local authenticated attacker may be able to gain elevated privileges.
Apply the update from Microsoft.
Thanks to Microsoft for information that was used in this report. Microsoft credits eEye for reporting this vulnerability.
This document was written by Ryan Giobbi.
|Date First Published:|2007-04-10|
|Date Last Updated:|2007-04-11 17:42 UTC|