| ID |
CVE-2005-0551
|
| Summary |
Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*
|
| CVSS |
| Base: | 10.0 (as of 12-10-2018 - 21:36) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| COMPLETE |
COMPLETE |
COMPLETE |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
| oval
via4
|
| accepted | 2005-06-22T12:38:00.000-04:00 | | class | vulnerability | | contributors | | name | Ingrid Skoog | | organization | The MITRE Corporation |
| name | Christine Walzer | | organization | The MITRE Corporation |
| | description | Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value. | | family | windows | | id | oval:org.mitre.oval:def:1822 | | status | accepted | | submitted | 2005-05-02T12:00:00.000-04:00 | | title | Server 2003 CSRSS Privilege Escalation Vulnerability | | version | 64 |
| accepted | 2011-05-16T04:02:34.778-04:00 | | class | vulnerability | | contributors | | name | Ingrid Skoog | | organization | The MITRE Corporation |
| name | Christine Walzer | | organization | The MITRE Corporation |
| name | Dragos Prisaca | | organization | Gideon Technologies, Inc. |
| name | Sudhir Gandhe | | organization | Telos |
| name | Shane Shaffer | | organization | G2, Inc. |
| | description | Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value. | | family | windows | | id | oval:org.mitre.oval:def:266 | | status | accepted | | submitted | 2005-05-02T12:00:00.000-04:00 | | title | Windows XP (SP2) CSRSS Privilege Escalation Vulnerability | | version | 69 |
| accepted | 2011-05-16T04:02:49.708-04:00 | | class | vulnerability | | contributors | | name | Ingrid Skoog | | organization | The MITRE Corporation |
| name | Christine Walzer | | organization | The MITRE Corporation |
| name | Shane Shaffer | | organization | G2, Inc. |
| name | Sudhir Gandhe | | organization | Telos |
| name | Shane Shaffer | | organization | G2, Inc. |
| | description | Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value. | | family | windows | | id | oval:org.mitre.oval:def:3544 | | status | accepted | | submitted | 2005-05-02T12:00:00.000-04:00 | | title | Windows XP CSRSS Privilege Escalation Vulnerability | | version | 70 |
| accepted | 2011-05-16T04:03:26.716-04:00 | | class | vulnerability | | contributors | | name | Ingrid Skoog | | organization | The MITRE Corporation |
| name | Christine Walzer | | organization | The MITRE Corporation |
| name | Andrew Buttner | | organization | The MITRE Corporation |
| name | Shane Shaffer | | organization | G2, Inc. |
| name | Sudhir Gandhe | | organization | Telos |
| name | Shane Shaffer | | organization | G2, Inc. |
| | description | Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value. | | family | windows | | id | oval:org.mitre.oval:def:777 | | status | accepted | | submitted | 2005-05-02T12:00:00.000-04:00 | | title | Windows 2000 CSRSS Privilege Escalation Vulnerability | | version | 69 |
|
| refmap
via4
|
| idefense | 20050412 Microsoft Windows CSRSS.EXE Stack Overflow Vulnerability |
|
| Last major update |
12-10-2018 - 21:36 |
| Published |
02-05-2005 - 04:00 |
| Last modified |
12-10-2018 - 21:36 |
