ID CVE-2006-6797
Summary The Client Server Run-Time Subsystem (CSRSS) in Microsoft Windows allows local users to cause a denial of service (crash) or read arbitrary memory from csrss.exe via crafted arguments to the NtRaiseHardError function with status 0x50000018, a different vulnerability than CVE-2006-6696.
References
Vulnerable Configurations
  • Microsoft windows xp_gold
    cpe:2.3:o:microsoft:windows_xp:-:gold
CVSS
Base: 6.6 (as of 28-12-2006 - 15:51)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE NONE COMPLETE
nessus via4
NASL family Windows : Microsoft Bulletins
NASL id SMB_NT_MS07-021.NASL
description The remote host is running a version of Windows containing a bug in the CSRSS error message handling routine that could allow an attacker to execute arbitrary code on the remote host by luring a user on the remote host into visiting a rogue website. Additionally, the system is prone to the following types of attack : - Local Privilege Elevation - Denial of Service (Local)
last seen 2019-02-21
modified 2018-11-15
plugin id 25024
published 2007-04-10
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=25024
title MS07-021: Vulnerabilities in CSRSS Could Allow Remote Code Execution (930178)
oval via4
accepted 2012-11-19T04:00:33.510-05:00
class vulnerability
contributors
  • name Sudhir Gandhe
    organization Secure Elements, Inc.
  • name Robert L. Hollis
    organization ThreatGuard, Inc.
  • name Sudhir Gandhe
    organization Secure Elements, Inc.
  • name Josh Turpin
    organization Symantec Corporation
  • name Shane Shaffer
    organization G2, Inc.
  • name Chandan S
    organization SecPod Technologies
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment Microsoft Windows 2000 SP4 or later is installed
    oval oval:org.mitre.oval:def:229
  • comment Microsoft Windows XP (x86) SP2 is installed
    oval oval:org.mitre.oval:def:754
  • comment Microsoft Windows XP SP1 (64-bit) is installed
    oval oval:org.mitre.oval:def:480
  • comment Microsoft Windows XP x64 Edition SP2 is installed
    oval oval:org.mitre.oval:def:4193
  • comment Microsoft Windows Server 2003 (x86) Gold is installed
    oval oval:org.mitre.oval:def:165
  • comment Microsoft Windows Server 2003 (ia64) Gold is installed
    oval oval:org.mitre.oval:def:396
  • comment Microsoft Windows Server 2003 SP1 (x86) is installed
    oval oval:org.mitre.oval:def:565
  • comment Microsoft Windows Server 2003 SP1 (x64) is installed
    oval oval:org.mitre.oval:def:4386
  • comment Microsoft Windows Server 2003 SP1 for Itanium is installed
    oval oval:org.mitre.oval:def:1205
  • comment Microsoft Windows Server 2003 SP2 (x86) is installed
    oval oval:org.mitre.oval:def:1935
  • comment Microsoft Windows Server 2003 SP2 (x64) is installed
    oval oval:org.mitre.oval:def:2161
  • comment Microsoft Windows Server 2003 (ia64) SP2 is installed
    oval oval:org.mitre.oval:def:1442
  • comment Microsoft Windows Vista is installed
    oval oval:org.mitre.oval:def:228
  • comment Microsoft Windows Vista x64 Edition is installed
    oval oval:org.mitre.oval:def:2041
description The Client Server Run-Time Subsystem (CSRSS) in Microsoft Windows allows local users to cause a denial of service (crash) or read arbitrary memory from csrss.exe via crafted arguments to the NtRaiseHardError function with status 0x50000018, a different vulnerability than CVE-2006-6696.
family windows
id oval:org.mitre.oval:def:2013
status accepted
submitted 2007-04-10T16:31:02
title CSRSS DoS Vulnerability
version 74
refmap via4
bugtraq 20061227 NtRaiseHardError Csrss.exe memory Disclosure exploit
cert TA07-100A
cert-vn VU#740636
hp
  • HPSBST02208
  • SSRT071365
misc
ms MS07-021
sectrack 1017454
secunia 23491
sreason 2086
vupen
  • ADV-2006-5197
  • ADV-2007-1325
xf win-ntraiseharderror-information-disclosure(31176)
Last major update 07-03-2011 - 21:46
Published 28-12-2006 - 10:28
Last modified 17-10-2018 - 17:49
Back to Top