Oval Definition:	oval:org.mitre.oval:def:12602
Revision Date: 2013-05-06 Version: 47 Title: CSRSS Local EOP AllocConsole Vulnerability Description: The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly restrict the number of console objects for a process, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP AllocConsole Vulnerability." Family: windows Class: vulnerability Status: ACCEPTED Reference(s): CVE-2011-1281 Platform(s): Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Product(s): Definition Synopsis Vulnerable Microsoft Windows XP (x86) SP3 Microsoft Windows XP (x86) SP3 is installed AND the version of Csrsrv.dll is less than 5.1.2600.6104 OR Vulnerable Microsoft Windows XP x64 SP2, Server 2003 x86/x64/ia64 SP2 Windows XP x64 SP2, Server 2003 x86/x64/ia64 SP2 Microsoft Windows XP x64 Edition SP2 is installed OR Microsoft Windows Server 2003 SP2 (x86) is installed OR Microsoft Windows Server 2003 SP2 (x64) is installed OR Microsoft Windows Server 2003 (ia64) SP2 is installed AND the version of Csrsrv.dll is less than 5.2.3790.4860 OR Vulnerable Microsoft Windows Vista SP1 x86/x64, Server 2008 32bit/x64/ia64 Windows Vista SP1 x86/x64, Server 2008 32bit/x64/ia64 Microsoft Windows Vista (32-bit) Service Pack 1 is installed OR Microsoft Windows Server 2008 (32-bit) is installed OR Microsoft Windows Vista x64 Edition Service Pack 1 is installed OR Microsoft Windows Server 2008 (64-bit) is installed OR Microsoft Windows Server 2008 (ia-64) is installed AND GDR or LDR Service branch the version of Csrsrv.dll is less than 6.0.6001.18638 OR LDR the version of Csrsrv.dll is less than 6.0.6001.22904 AND the version of Csrsrv.dll is greater than or equal to 6.0.6001.22000 OR Vulnerable Microsoft Windows Vista SP2 x86/x64, Server 2008 SP2 32bit/x64/ia64 Windows Vista SP2 x86/x64, Server 2008 SP2 32bit/x64/ia64 Microsoft Windows Vista (32-bit) Service Pack 2 is installed OR Microsoft Windows Vista x64 Edition Service Pack 2 is installed OR Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed OR Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed OR Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed AND GDR or LDR Service branch the version of Csrsrv.dll is less than 6.0.6002.18456 OR LDR the version of Csrsrv.dll is less than 6.0.6002.22628 AND the version of Csrsrv.dll is greater than or equal to 6.0.6002.22000 OR Vulnerable Microsoft Windows 7 x86/x64, Windows Server 2008 R2 x86/x64/ia64 Windows 7 x86/x64, Windows Server 2008 R2 x86/x64/ia64 Microsoft Windows 7 (32-bit) is installed OR Microsoft Windows 7 x64 Edition is installed OR Microsoft Windows Server 2008 R2 x64 Edition is installed OR Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND GDR or LDR Service branch the version of Kernel32.dll is less than 6.1.7600.16816 OR LDR the version of Kernel32.dll is less than 6.1.7600.20978 AND the version of Kernel32.dll is greater than or equal to 6.1.7600.20000 OR Vulnerable Microsoft Windows 7 x86/x64 sp1/sp1, Windows Server 2008 R2 x86/x64/ia64 sp1/sp1 Windows 7 x86/x64 sp1/sp1, Windows Server 2008 R2 x86/x64/ia64 sp1/sp1 Microsoft Windows 7 (32-bit) Service Pack 1 is installed OR Microsoft Windows 7 x64 Service Pack 1 is installed OR Microsoft Windows Server 2008 R2 x64 Service Pack 1 is installed OR Microsoft Windows Server 2008 R2 Itanium-Based Edition Service Pack 1 is installed AND GDR or LDR Service branch the version of Kernel32.dll is less than 6.1.7601.17617 OR LDR the version of Kernel32.dll is less than 6.1.7601.21728 AND the version of Kernel32.dll is greater than or equal to 6.1.7601.21000
BACK