Vulnerabilities > CVE-2005-0551 - Unspecified vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 4 |
Exploit-Db
description | MS Windows CSRSS Local Privilege Escalation Exploit (MS05-018). CVE-2005-0551. Local exploit for windows platform |
id | EDB-ID:1198 |
last seen | 2016-01-31 |
modified | 2005-09-06 |
published | 2005-09-06 |
reporter | eyas |
source | https://www.exploit-db.com/download/1198/ |
title | Microsoft Windows - CSRSS Local Privilege Escalation Exploit MS05-018 |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS05-018.NASL |
description | The remote host contains a version of the Windows kernel that is vulnerable to a security flaw that could allow a local user to elevate his privileges or to crash the remote host (therefore causing a denial of service). |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 18022 |
published | 2005-04-12 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/18022 |
title | MS05-018: Vulnerabilities in Windows Kernel (890859) |
code |
|
Oval
accepted 2005-06-22T12:38:00.000-04:00 class vulnerability contributors name Ingrid Skoog organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation
description Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value. family windows id oval:org.mitre.oval:def:1822 status accepted submitted 2005-05-02T12:00:00.000-04:00 title Server 2003 CSRSS Privilege Escalation Vulnerability version 64 accepted 2011-05-16T04:02:34.778-04:00 class vulnerability contributors name Ingrid Skoog organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name Dragos Prisaca organization Gideon Technologies, Inc. name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
description Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value. family windows id oval:org.mitre.oval:def:266 status accepted submitted 2005-05-02T12:00:00.000-04:00 title Windows XP (SP2) CSRSS Privilege Escalation Vulnerability version 69 accepted 2011-05-16T04:02:49.708-04:00 class vulnerability contributors name Ingrid Skoog organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name Shane Shaffer organization G2, Inc. name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
description Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value. family windows id oval:org.mitre.oval:def:3544 status accepted submitted 2005-05-02T12:00:00.000-04:00 title Windows XP CSRSS Privilege Escalation Vulnerability version 70 accepted 2011-05-16T04:03:26.716-04:00 class vulnerability contributors name Ingrid Skoog organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Shane Shaffer organization G2, Inc. name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
description Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value. family windows id oval:org.mitre.oval:def:777 status accepted submitted 2005-05-02T12:00:00.000-04:00 title Windows 2000 CSRSS Privilege Escalation Vulnerability version 69
References
- http://www.idefense.com/application/poi/display?id=230&type=vulnerabilities
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-018
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1822
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A266
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3544
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A777