Jump to content

Vista Exploit Surfaces on Russian Hacker Site


Recommended Posts

Vista Exploit Surfaces on Russian Hacker Site

Proof-of-concept exploit code for a privilege escalation vulnerability affecting all versions of Windows—including Vista—has been posted on a Russian hacker forum, forcing Microsoft to activate its emergency response process.

Mike Reavey, operations manager of the Microsoft Security Response Center, confirmed that the company is “closely monitoring†the public posting, which first appeared on a Russian language forum on Dec. 15. It affects “csrss.exe,†which is the main executable for the Microsoft Client/Server Runtime Server.

According to an alert cross-posted to security mailing lists, the vulnerability is caused by a memory corruption when certain strings are sent through the MessageBox API.

“The PoC reportedly allows for local elevation of privilege on Windows 2000 SP4, Windows Server 2003 SP1, Windows XP SP1, Windows XP SP2 and Windows Vista operating systems,†Reavey said in an entry posted late Dec. 21 on the MSRC blog.

sources : http://edge.i-hacked.com , http://www.eweek.com

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...