Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
Производитель ПО
Наименование ПО
Microsoft Windows
(1.1.4 x86 Windows 2000 Server SP4, 1.2.2 x86 Windows XP SP2, 1.3.0 x86 Windows 2003 Server, 1.3.1 x86 Windows 2003 Server SP1, 1.3.2 x86 Windows 2003 Server SP2, 1.4.0 x86 Windows Vista, 2.2.0 x64 Windows XP, 2.2.2 x64 Windows XP SP2, 2.3.0 x64 Windows 2003 Server, 2.3.2 x64 Windows 2003 Server SP2, 2.4.0 x64 Windows Vista, 3.3.0 i64 Windows 2003 Server , 3.3.1 i64 Windows 2003 Server SP1, 3.3.2 i64 Windows 2003 Server SP2)
Microsoft Updates
(KB2121546, KB2507938, KB2567680, KB2646524, KB2712808, KB2726535, KB2758857, KB2775511, KB2790113, KB2820917, KB2872339, KB2919355, KB2922229, KB3063858, KB3071756, KB930178, KB961501, SP0, SP1, SP2)
Описание
В способе, которым процесс Windows CSRSS обрабатывает сообщения об ошибках, существует уязвимость, приводящая к удаленному выполнению кода. Злоумышленник может воспользоваться ею, создав специально сконструированное приложение, которое сделает возможным удаленное выполнение кода.
Как исправить
Используйте рекомендации производителя:
http://www.microsoft.com/technet/security/Bulletin/MS07-021.mspx
http://www.microsoft.com/technet/security/Bulletin/MS07-021.mspx
Ссылки
http://downloads.securityfocus.com/vulnerabilities/exploits/21688.cs
BID (21688): http://www.securityfocus.com/bid/21688
http://www.determina.com/security.research/vulnerabilities/csrss-harderror.html
http://www.security.nnov.ru/files/messagebox.c
http://blogs.technet.com/msrc/archive/2006/12/22/new-report-of-a-windows-vulnerability.aspx
BUGTRAQ (20061221 Microsoft Windows XP/2003/Vista memory corruption 0day): http://www.securityfocus.com/archive/1/archive/1/455061/100/0/threaded
BUGTRAQ (20061221 Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day): http://www.securityfocus.com/archive/1/archive/1/455104/100/0/threaded
BUGTRAQ (20061221 Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memorycorruption 0day): http://www.securityfocus.com/archive/1/archive/1/455088/100/0/threaded
BUGTRAQ (20061222 Re: Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day): http://www.securityfocus.com/archive/1/archive/1/455158/100/0/threaded
FULLDISC (20061221 Microsoft Windows XP/2003/Vista memory corruption 0day): http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051394.html
http://www.security.nnov.ru/Gnews944.html
http://groups.google.ca/group/microsoft.public.win32.programmer.kernel/browse_thread/thread/c5946bf40f227058/7bd7b5d66a4e5aff
http://www.kuban.ru/forum_new/forum2/files/19124.html
http://isc.sans.org/diary.php?n&storyid=1965
http://research.eeye.com/html/alerts/zeroday/20061215.html
http://www.milw0rm.com/exploits/2967
FRSIRT (ADV-2006-5120): http://www.frsirt.com/english/advisories/2006/5120
SECTRACK (1017433): http://securitytracker.com/id?1017433
BUGTRAQ (20061230 csrss.exe double-free vulnerability - arbitrary DWORD overwrite exploit): http://www.securityfocus.com/archive/1/archive/1/455546/100/0/threaded
MILW0RM (2967): http://milw0rm.com/exploits/2967
MS (MS07-021): http://www.microsoft.com/technet/security/bulletin/ms07-021.mspx
HP (HPSBST02208): http://www.securityfocus.com/archive/1/archive/1/466331/100/200/threaded
BID (21688): http://www.securityfocus.com/bid/21688
http://www.determina.com/security.research/vulnerabilities/csrss-harderror.html
http://www.security.nnov.ru/files/messagebox.c
http://blogs.technet.com/msrc/archive/2006/12/22/new-report-of-a-windows-vulnerability.aspx
BUGTRAQ (20061221 Microsoft Windows XP/2003/Vista memory corruption 0day): http://www.securityfocus.com/archive/1/archive/1/455061/100/0/threaded
BUGTRAQ (20061221 Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day): http://www.securityfocus.com/archive/1/archive/1/455104/100/0/threaded
BUGTRAQ (20061221 Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memorycorruption 0day): http://www.securityfocus.com/archive/1/archive/1/455088/100/0/threaded
BUGTRAQ (20061222 Re: Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day): http://www.securityfocus.com/archive/1/archive/1/455158/100/0/threaded
FULLDISC (20061221 Microsoft Windows XP/2003/Vista memory corruption 0day): http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051394.html
http://www.security.nnov.ru/Gnews944.html
http://groups.google.ca/group/microsoft.public.win32.programmer.kernel/browse_thread/thread/c5946bf40f227058/7bd7b5d66a4e5aff
http://www.kuban.ru/forum_new/forum2/files/19124.html
http://isc.sans.org/diary.php?n&storyid=1965
http://research.eeye.com/html/alerts/zeroday/20061215.html
http://www.milw0rm.com/exploits/2967
FRSIRT (ADV-2006-5120): http://www.frsirt.com/english/advisories/2006/5120
SECTRACK (1017433): http://securitytracker.com/id?1017433
BUGTRAQ (20061230 csrss.exe double-free vulnerability - arbitrary DWORD overwrite exploit): http://www.securityfocus.com/archive/1/archive/1/455546/100/0/threaded
MILW0RM (2967): http://milw0rm.com/exploits/2967
MS (MS07-021): http://www.microsoft.com/technet/security/bulletin/ms07-021.mspx
HP (HPSBST02208): http://www.securityfocus.com/archive/1/archive/1/466331/100/200/threaded