Описание
Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort connections, which leaves a "dangling pointer" to a process data structure.
Ссылки
- US Government Resource
- US Government Resource
- Vendor Advisory
- US Government Resource
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
EPSS
Процентиль: 84%
0.02113
Низкий
7.2 High
CVSS2
Дефекты
CWE-399
Связанные уязвимости
github
почти 4 года назад
Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort connections, which leaves a "dangling pointer" to a process data structure.
EPSS
Процентиль: 84%
0.02113
Низкий
7.2 High
CVSS2
Дефекты
CWE-399