exploitDog

CVE-2011-1870

Опубликовано: 13 июл. 2011

Источник: nvd

CVSS2: 7.2

EPSS Низкий

Описание

Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvWriteConsoleOutputString Vulnerability."

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*

EPSS

Процентиль: 85%

0.0263

Низкий

7.2 High

CVSS2

Дефекты

CWE-189

Связанные уязвимости

GHSA-2gv3-qv3h-h8cf

github

больше 3 лет назад

Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvWriteConsoleOutputString Vulnerability."

EPSS

Процентиль: 85%

0.0263

Низкий

7.2 High

CVSS2

Дефекты

CWE-189