The Microsoft Windows Client/Server Run-time Subsystem (CSRSS) process fails to properly handle error messages. This vulnerability may allow a remote attacker to execute arbitrary code.
According to Microsoft Security Bulletin MS07-021:
CSRSS is the user-mode portion of the Win32 subsystem. CSRSS stands for client/server run-time subsystem and is an essential subsystem that must be running at all times. CSRSS is responsible for console windows, creating and/or deleting threads.
A remote attacker may be able to execute arbitrary code on a vulnerable system.
Apply update from Microsoft
This vulnerability was reported by Tim Garnett of Determina Security Research .
This document was written by Jeff Gennari.
|Date First Published:||2007-04-10|
|Date Last Updated:||2007-04-11 10:50 UTC|