{"vuid":"VU#259197","idnumber":"259197","name":"Microsoft Client Server Runtime System Vulnerability","keywords":["Microsoft","MS05-018","CSRSS","buffer overflow","stack overflow"],"overview":"The Microsoft Client Server Runtime System (CSRSS) incorrectly validates certain messages potentially resulting in privilege elevation.","clean_desc":"CSRSS is the user-mode part of the Win32 subsystem. Win32.sys is the kernel-mode portion of the Win32 subsystem. The Win32 subsystem must be running at all times. CSRSS is responsible for console windows, for creating threads, for deleting threads, and for some parts of the 16-bit virtual MS-DOS environment. The CSRSS only responds to requests made by other processes on the local computer. A locally authenticated user may be able to exploit a vulnerability in the way CSRSS validates certain messages in order to gain elevated privileges.","impact":"Local authenticated users could potentially execute arbitrary code as privileged users, allowing them to gain complete control of the system.","resolution":"Apply a patch Microsoft has published Microsoft Security Bulletin MS05-018 in response to this issue. Users are strongly encouraged to review this advisory and apply the patches it refers to.","workarounds":"","sysaffected":"","thanks":"Thanks to Microsoft who in turn thank David Fritz working with iDEFENSE for reporting the CSRSS Vulnerability.","author":"This document was written by Robert Mead based on information provided by Microsoft.","public":["http://www.microsoft.com/technet/security/bulletin/MS05-018.mspx","http://www.idefense.com/application/poi/display?id=230&type=vulnerabilities&flashstatus=false"],"cveids":["CVE-2005-0551"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2005-04-12T19:58:00Z","publicdate":"2005-04-12T00:00:00Z","datefirstpublished":"2005-04-13T21:47:49Z","dateupdated":"2005-05-17T14:10:16Z","revision":15,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"3","cam_population":"20","cam_impact":"18","cam_easeofexploitation":"2","cam_attackeraccessrequired":"10","cam_scorecurrent":"2.43","cam_scorecurrentwidelyknown":"3.105","cam_scorecurrentwidelyknownexploited":"5.805","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":2.43,"vulnote":null}