Computer Security
[EN] securityvulns.ru no-pyccku


Microsoft Windows Client/Server Run-time Subsystem
Published:10.02.2010
Source:
SecurityVulns ID:10608
Type:local
Threat Level:
6/10
Description:Invalid process termination on user's logout.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
CVE:CVE-2010-0023 (The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Local Privilege Elevation Vulnerability.")
Original documentdocumentMICROSOFT, Microsoft Security Bulletin MS10-011 - Important Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (978037) (10.02.2010)
Files:Microsoft Security Bulletin MS10-011 - Important Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (978037)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod