Microsoft Windows CSRSS Information Disclosure Vulnerability
Secunia Advisory: SA23491 Release Date: 2006-12-28
Critical: Less critical
Impact: Exposure of sensitive information
Where: Local system
Solution Status: Unpatched
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional
Rubén Santamarta has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious, local users to gain knowledge of sensitive information.
The problem is that CSRSS.exe does not properly validate arguments passed via NtRaiseHardError and can be exploited to view the contents of CSRSS process memory.
The vulnerability is confirmed on a fully-patched Windows XP SP2 system and reportedly affects Windows 2000 SP4 as well. Other versions may also be affected.
Solution: Allow only trusted users access to the system.
Provided and/or discovered by: Rubén Santamarta
Original Advisory: http://www.reversemode.com/index.php...id=29&Itemid=2