Code-Authors Welcome Guest | Login or Register

TITLE:
Windows Vista CSRSS Privilege Escalation Vulnerability

SECUNIA ADVISORY ID:
SA24823

VERIFY ADVISORY:
http://secunia.com/advisories/24823/

CRITICAL:
Less critical

IMPACT:
Privilege escalation

WHERE:
Local system

OPERATING SYSTEM:
Microsoft Windows Vista
http://secunia.com/product/13223/

DESCRIPTION:
eEye Digital Security has reported a vulnerability in Windows Vista,
which can be exploited by malicious, local users to gain escalated
privileges.

The vulnerability is caused due to incorrect marshaling of system
resources in the Client/Server Run-time Subsystem (CSRSS) when handling
connections during the startup and stopping of processes. This can be
exploited to execute arbitrary code with SYSTEM privileges by
establishing and closing multiple connections to the subsystem’s
“ApiPort”.

SOLUTION:
Apply patches.

Windows Vista:
http://www.microsoft.com/downloads/details.aspx?FamilyId=3487b1f0-a383-4
1a4-a660-2768962b3bcd

Windows Vista x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=c46f62e1-dddd-4
886-a82b-ebec258a495b

PROVIDED AND/OR DISCOVERED BY:
Derek Soeder, eEye Digital Security.

ORIGINAL ADVISORY:
MS07-021 (KB930178):
http://www.microsoft.com/technet/security/Bulletin/MS07-021.mspx

eEye Digital Security:
http://research.eeye.com/html/advisories/published/AD20070410b.html

TITLE:
Microsoft Windows XP UPnP Memory Corruption Vulnerability

SECUNIA ADVISORY ID:
SA24822

VERIFY ADVISORY:
http://secunia.com/advisories/24822/

CRITICAL:
Moderately critical

IMPACT:
System access

WHERE:
From local network

OPERATING SYSTEM:
Microsoft Windows XP Home Edition http://secunia.com/product/16/
Microsoft Windows XP Professional http://secunia.com/product/22/

DESCRIPTION:
A vulnerability has been reported in Microsoft Windows, which can be
exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an error in the UPnP (Universal Plug
and Play) service when processing HTTP requests. This can be exploited
to corrupt memory via a specially crafted HTTP request sent to the
service.

Successful exploitation allows execution of arbitrary code with “Local
Service” privileges.

SOLUTION:
Apply patches.

Windows XP (requires SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=ecf69778-91f9-4
98e-a8bd-35208aa93051

Windows XP Professional x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=6ceb5b4f-861f-4
f37-b4bc-e8a56382b833

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Greg MacManus, iDefense Labs.

ORIGINAL ADVISORY:
MS07-019 (KB931261):
http://www.microsoft.com/technet/security/Bulletin/MS07-019.mspx