Windows CSRSS "SrvGetConsoleTitle()" Type Casting Weakness
The following has been copied/pasted from http://secunia.com/advisories/45475/ :
Description
A [non-critical] weakness [has been reported] in Microsoft Windows, which can be exploited by malicious, local users to disclose potentially sensitive information or cause a DoS (Denial of Service).
The weakness is caused due to a type casting error in the "SrvGetConsoleTitle()" function (winsrv.dll) within the Client/Server Run-time Subsystem (CSRSS) when performing a certain size check. This can be exploited to disclose some CSRSS memory or dereference invalid memory causing the kernel to crash.
Solution
[UNpatched:] Restrict access to trusted users only.
Provided and/or discovered by
Matthew Jurczyk (j00ru)
Original Advisory
http://j00ru.vexillium.org/?p=971