Computer Security
[EN] securityvulns.ru no-pyccku


Sambar FTP service DoS
Published:16.12.2006
Source:
SecurityVulns ID:6946
Type:remote
Threat Level:
5/10
Description:Crash on oversized SIZE command.
Affected:SAMBAR : Sambar Server 6.4
Files:Sambar FTP Server 6.4 SIZE Denial Of Service

Microsoft Word / Open Office 0-day security vulnerability
updated since 06.12.2006
Published:16.12.2006
Source:
SecurityVulns ID:6894
Type:client
Threat Level:
7/10
Description:2 different unknown vulnerabilities are used for hidden malware installation.
Affected:MICROSOFT : Office 2000
 MICROSOFT : Office XP
 MICROSOFT : Office 2003
 MICROSOFT : Office 2004 for Mac
 MICROSOFT : Works 2004
 MICROSOFT : Works 2005
 MICROSOFT : Works 2006
 MICROSOFT : Office 2004 v. X for Mac
 OPENOFFICE : OpenOffice 2.1
Original documentdocumentMICROSOFT, Microsoft Security Advisory (929433) Vulnerability in Microsoft Word Could Allow Remote Code Execution (06.12.2006)
Files:Microsoft Office / OpenOffice PoC
  Microsoft Security Advisory (929433) Vulnerability in Microsoft Word Could Allow Remote Code Execution
 New Report of A Word Zero Day

Microsoft Windows memory corruption
updated since 16.12.2006
Published:11.04.2007
Source:
SecurityVulns ID:6944
Type:library
Threat Level:
7/10
Description:CSRSS memory corruption on MessageBox with MB_SERVICE_NOTIFICATION beginning with "\??\".
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
CVE:CVE-2007-1209 (Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort connections, which leaves a "dangling pointer" to a process data structure.)
 CVE-2006-6797 (The Client Server Run-Time Subsystem (CSRSS) in Microsoft Windows allows local users to cause a denial of service (crash) or read arbitrary memory from csrss.exe via crafted arguments to the NtRaiseHardError function with status 0x50000018, a different vulnerability than CVE-2006-6696.)
 CVE-2006-6696 (Double-free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL.)
Original documentdocumentEEYE, EEYE: Windows Vista CSRSS Dangling Process Pointer Privilege Escalation (11.04.2007)
 documentMICROSOFT, Microsoft Security Bulletin MS07-021 Vulnerabilities in CSRSS Could Allow Remote Code Execution (930178) (11.04.2007)
 documentReversemode, csrss.exe double-free vulnerability - arbitrary DWORD overwrite exploit (31.12.2006)
 document3APA3A, Microsoft Windows csrss (?) memory corruption exploited in-the-wild (16.12.2006)
 documentwins mallow, ms ;) (16.12.2006)
Files:exploit NtRaiseHardError privesc and load dll into csrss
 Microsoft MessageBox memory corruption PoC
 Exploits Microsoft Windows NtRaiseHardError Csrss.exe-winsrv.dll Double Free
 Microsoft Security Bulletin MS07-021 Vulnerabilities in CSRSS Could Allow Remote Code Execution (930178)
 Убийственный MessageBox от Мелкомягких
 Windows CSRSS HardError Message Box Vulnerability

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod