CVE-2006-6797 - Unspecified vulnerability in Microsoft Windows XP
Attack vector | LOCAL |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | COMPLETE |
Integrity impact | NONE |
Availability impact | COMPLETE |
Summary
The Client Server Run-Time Subsystem (CSRSS) in Microsoft Windows allows local users to cause a denial of service (crash) or read arbitrary memory from csrss.exe via crafted arguments to the NtRaiseHardError function with status 0x50000018, a different vulnerability than CVE-2006-6696.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | | 1 |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS07-021.NASL |
description | The remote host is running a version of Windows containing a bug in the CSRSS error message handling routine that could allow an attacker to execute arbitrary code on the remote host by luring a user on the remote host into visiting a rogue website. Additionally, the system is prone to the following types of attack: Local Privilege Elevation, Denial of Service (Local) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 25024 |
published | 2007-04-10 |
reporter | This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/25024 |
title | MS07-021: Vulnerabilities in CSRSS Could Allow Remote Code Execution (930178) |
Oval
accepted | 2012-11-19T04:00:33.510-05:00 |
class | vulnerability |
description | The Client Server Run-Time Subsystem (CSRSS) in Microsoft Windows allows local users to cause a denial of service (crash) or read arbitrary memory from csrss.exe via crafted arguments to the NtRaiseHardError function with status 0x50000018, a different vulnerability than CVE-2006-6696. |
family | windows |
id | oval:org.mitre.oval:def:2013 |
status | accepted |
submitted | 2007-04-10T16:31:02 |
title | CSRSS DoS Vulnerability |
version | 77 |
References
- http://secunia.com/advisories/23491
- http://securityreason.com/securityalert/2086
- http://securitytracker.com/id?1017454
- http://www.kb.cert.org/vuls/id/740636
- http://www.reversemode.com/index.php?option=com_content&task=view&id=29&Itemid=2
- http://www.reversemode.com/index.php?option=com_remository&Itemid=2&func=fileinfo&id=43
- http://www.securityfocus.com/archive/1/455365/100/0/threaded
- http://www.securityfocus.com/archive/1/466331/100/200/threaded
- http://www.us-cert.gov/cas/techalerts/TA07-100A.html
- http://www.vupen.com/english/advisories/2006/5197
- http://www.vupen.com/english/advisories/2007/1325
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-021
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31176
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2013