HTTP: Microsoft Windows CSRSS HardError Message Box Vulnerability
This signature detects attempts to exploit a known memory corruption vulnerability in Microsoft Windows. It due to improper handling of "HardError" messages in Windows Client/Server Runtime Server Subsystem (CSRSS). A remote unauthenticated attacker can exploit this by enticing the target user to visit a malicious Web site using Internet Explorer. A successful attack allows the remote attackers to execute arbitrary code with the privileges of the System. The behavior of the target is entirely dependent on the intended function of the injected code. An unsuccessful attack results in a kernel error condition, which is also known as the "Blue Screen of Death." The vulnerable system can reboot or halt, which results in a denial-of-service condition.
Extended Description
Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL.
Affected Products
Microsoft windows_vista
Short Name
HTTP:STC:IE:CSRSS-HE-MSG
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Box CSRSS CVE-2006-6696 HardError Message Microsoft Vulnerability Windows bid:21688
Release Date
10/26/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3761
False Positive
Unknown
Vendors
Microsoft
CVSS Score
6.9