News
Vigil@nce - Windows: privilege elevation via CSRSS
January 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
On an Asian system, a local attacker can use malformed Unicode characters, in order to gain system privileges.
Severity: 2/4
Creation date: 11/01/2012
IMPACTED PRODUCTS
Microsoft Windows 2003
Microsoft Windows 2008
Microsoft Windows Vista
Microsoft Windows XP
DESCRIPTION OF THE VULNERABILITY
The CSRSS (Client/Server Run-time Subsystem) subsystem manages users’ consoles and processes.
A Chinese, Japanese or Korean system uses special characters encoded with Unicode. When a user uses a sequence of malformed Unicode characters, the CSRSS memory is corrupted.
On an Asian system, a local attacker can therefore use malformed Unicode characters, in order to gain system privileges.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
