ID CVE-2005-0551
Summary Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value.
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*
CVSS
Base: 10.0 (as of 12-10-2018 - 21:36)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
oval via4
  • accepted 2005-06-22T12:38:00.000-04:00
    class vulnerability
    contributors
    • name Ingrid Skoog
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    description Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value.
    family windows
    id oval:org.mitre.oval:def:1822
    status accepted
    submitted 2005-05-02T12:00:00.000-04:00
    title Server 2003 CSRSS Privilege Escalation Vulnerability
    version 63
  • accepted 2011-05-16T04:02:34.778-04:00
    class vulnerability
    contributors
    • name Ingrid Skoog
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Dragos Prisaca
      organization Gideon Technologies, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value.
    family windows
    id oval:org.mitre.oval:def:266
    status accepted
    submitted 2005-05-02T12:00:00.000-04:00
    title Windows XP (SP2) CSRSS Privilege Escalation Vulnerability
    version 68
  • accepted 2011-05-16T04:02:49.708-04:00
    class vulnerability
    contributors
    • name Ingrid Skoog
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value.
    family windows
    id oval:org.mitre.oval:def:3544
    status accepted
    submitted 2005-05-02T12:00:00.000-04:00
    title Windows XP CSRSS Privilege Escalation Vulnerability
    version 69
  • accepted 2011-05-16T04:03:26.716-04:00
    class vulnerability
    contributors
    • name Ingrid Skoog
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value.
    family windows
    id oval:org.mitre.oval:def:777
    status accepted
    submitted 2005-05-02T12:00:00.000-04:00
    title Windows 2000 CSRSS Privilege Escalation Vulnerability
    version 68
refmap via4
idefense 20050412 Microsoft Windows CSRSS.EXE Stack Overflow Vulnerability
ms MS05-018
Last major update 12-10-2018 - 21:36
Published 02-05-2005 - 04:00
Back to Top