CERT-In Vulnerability Note CIVN-2006-129
Microsoft Windows File Manifest Corruption Vulnerability

Original Issue Date: December 13, 2006

Severity Rating: Medium

Systems Affected

• Microsoft Windows XP Service Pack 2
• Microsoft Windows Server 2003
• Microsoft Windows Server 2003 for Itanium-based systems

Overview

A privilege escalation vulnerability exists in the way that Microsoft Windows starts applications with specially crafted file manifests which could allow a logged on user to take complete control of the system.

Description

A privilege escalation vulnerability has been reported which is caused due to the improper processing and management of file manifests by the Client-Server Run-time Subsystem.

Csrss (client/server run-time subsystem) is the user-mode portion of the Win32 subsystem and is an essential subsystem that must be running at all times. It is responsible for console windows, creating and/or deleting threads.

An attacker who successfully exploited this vulnerability could take complete control of an affected system. To attempt to exploit this vulnerability, an attacker must be able to log on locally to the system and run a specially crafted application.

Solution

Apply appropriate patches as mentioned in Microsoft Security Bulletin MS06-075

Vendor Information

Microsoft
http://www.microsoft.com/technet/security/bulletin/ms06-075.mspx

References

Secunia
http://secunia.com/advisories/23308/

Security Tracker
http://www.securitytracker.com/alerts/2006/Dec/1017370.html

FrSirt
http://www.frsirt.com/english/advisories/2006/4968

CVE Name
CVE-2006-5585

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003