SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (Microsoft)  >   Windows Kernel Vendors:   Microsoft
Microsoft Windows Kernel and Font Buffer Overflows Let Local Users Deny Service or Obtain System Privileges
SecurityTracker Alert ID:  1013688
SecurityTracker URL:  http://securitytracker.com/id/1013688
CVE Reference:   CVE-2005-0060, CVE-2005-0061, CVE-2005-0550, CVE-2005-0551   (Links to External Site)
Date:  Apr 12 2005
Impact:   Denial of service via local system, Execution of arbitrary code via local system, Root access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2000 SP4 and prior, XP SP2 and prior, 2003, 98/Me
Description:   Several vulnerabilities were reported in the Windows kernel. A local user can cause denial of service conditions or gain elevated privileges.

A local user can supply a specially crafted font file that, when processed by the operating system, will trigger a buffer overflow and execute arbitrary code [CVE: CVE-2005-0060]. The code will run with System level privileges.

The kernel does not properly process certain access requests [CVE: CVE-2005-0061]. A local user can exploit this flaw to execute arbitrary code with System level privileges.

The kernel does not properly process certain object requests [CVE: CVE-2005-0550]. A local user can trigger a buffer overflow to cause the system top stop responding.

A local user can trigger a stack overflow in WINSRV.DLL and cause the Client Server Runtime System process (CRSS.EXE) to execute arbitrary code with System level privileges [CVE: CVE-2005-0551].

The vendor credits John Heasman of Next Generation Security Software Ltd. for reporting the Font vulnerability, Sanjeev Radhakrishnan, Amit Joshi, and Ananta Iyengar of GreenBorder Technologies with reporting the Windows Kernel Vulnerability, and David Fritz and iDEFENSE with reporting the CSRSS vulnerability.

Impact:   A local user can cause the system to stop responding.

A local user can obtain System level privileges.

Solution:   The vendor has issued the following fixes:

Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4:

http://www.microsoft.com/downloads/details.aspx?FamilyId=992C1BF9-A2C0-49D2-9059-A1DAD6703213

Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?FamilyId=F0683E2B-8E8F-474F-B8D8-46C4C33FCE99

Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium):

http://www.microsoft.com/downloads/details.aspx?FamilyId=B52F9281-570F-4F7A-8DEF-5AEAB6E8E002

Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium):

http://www.microsoft.com/downloads/details.aspx?FamilyId=C51D6AD5-93BA-4717-A5DB-5CE78F70592E

Microsoft Windows Server 2003:

http://www.microsoft.com/downloads/details.aspx?FamilyId=E66332D4-3952-428F-AC62-AC8124F8942A

Microsoft Windows Server 2003 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?FamilyId=C51D6AD5-93BA-4717-A5DB-5CE78F70592E

A restart is required.

Vendor URL:  www.microsoft.com/technet/security/Bulletin/MS05-018.mspx (Links to External Site)
Cause:   Boundary error, Exception handling error, Input validation error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC