{"vuid":"VU#740636","idnumber":"740636","name":"Microsoft Windows CSRSS error handling vulnerability","keywords":["Microsoft","Windows","memory corruption","double free","code execution","\\??\\","MessageBox API","MB_SERVICE_NOTIFICATION flag","ms07-apr"],"overview":"The Microsoft Windows Client/Server Run-time Subsystem (CSRSS) process fails to properly handle error messages. This vulnerability may allow a remote attacker to execute arbitrary code.","clean_desc":"According to Microsoft Security Bulletin MS07-021: CSRSS is the user-mode portion of the Win32 subsystem. CSRSS stands for client/server run-time subsystem and is an essential subsystem that must be running at all times. CSRSS is responsible for console windows, creating and/or deleting threads. The CSRSS process fails to properly handle error messages possibly allowing a double free vulnerability to occur. More information is available in Microsoft Security Bulletin MS07-021. Note that proof-of-concept code is available for this vulnerability.","impact":"A remote attacker may be able to execute arbitrary code on a vulnerable system.","resolution":"Apply update from Microsoft\nMicrosoft has released an update for this vulnerability in Microsoft Security Bulletin MS07-021.","workarounds":"","sysaffected":"","thanks":"This vulnerability was reported by \nTim Garnett of \nDetermina Security Research","author":"This document was written by Jeff Gennari.","public":["http://www.microsoft.com/technet/security/bulletin/ms07-021.mspx","http://www.determina.com/security.research/vulnerabilities/csrss-harderror.html","http://www.kuban.ru/forum_new/forum2/files/19124.html","http://bugtraq.ru/cgi-bin/forum.mcgi?type=sb&b=21&m=140672","http://www.microsoft.com/technet/security/bulletin/ms07-021.mspx"],"cveids":["CVE-2006-6797"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2006-12-18T15:16:48Z","publicdate":"2006-12-15T00:00:00Z","datefirstpublished":"2007-04-10T18:45:12Z","dateupdated":"2007-04-11T10:50:00Z","revision":14,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"8","cam_exploitation":"10","cam_internetinfrastructure":"13","cam_population":"20","cam_impact":"16","cam_easeofexploitation":"4","cam_attackeraccessrequired":"10","cam_scorecurrent":"7.44","cam_scorecurrentwidelyknown":"10.32","cam_scorecurrentwidelyknownexploited":"12.72","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":7.44,"vulnote":null}