Vulnerability Name:

CVE-2006-6797 (CCN-31176)

Assigned:2006-12-27
Published:2006-12-27
Updated:2018-10-17
Summary:The Client Server Run-Time Subsystem (CSRSS) in Microsoft Windows allows local users to cause a denial of service (crash) or read arbitrary memory from csrss.exe via crafted arguments to the NtRaiseHardError function with status 0x50000018, a different vulnerability than CVE-2006-6696.
CVSS v3 Severity:5.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:6.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:N/A:C)
5.2 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:N/A:C/E:F/RL:OF/RC:UR)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): None
Availibility (A): Complete
3.6 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:P)
2.8 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:P/E:F/RL:OF/RC:UR)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Obtain Information
References:Source: MITRE
Type: CNA
CVE-2006-6797

Source: CCN
Type: SA23491
Microsoft Windows CSRSS Information Disclosure Vulnerability

Source: SECUNIA
Type: UNKNOWN
23491

Source: SREASON
Type: UNKNOWN
2086

Source: CCN
Type: SECTRACK ID: 1017454
Windows Client-Server Run-time Subsystem NtRaiseHardError Discloses Memory to Local Users

Source: SECTRACK
Type: UNKNOWN
1017454

Source: CCN
Type: ASA-2007-159
MS07-021 Vulnerabilities in CSRSS Could Allow Remote Code Execution (930178)

Source: CCN
Type: Microsoft Security Bulletin MS12-054
Vulnerabilities in Windows Networking Components Could Allow Remote Code Execution (2733594)

Source: CCN
Type: Microsoft Security Bulletin MS13-019
Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of Privilege (2790113)

Source: CCN
Type: Microsoft Security Bulletin MS13-033
Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of Privilege (2820917)

Source: CCN
Type: Microsoft Security Bulletin MS13-077
Vulnerability in Windows Service Control Manager Could Allow Elevation of Privilege (2872339)

Source: CCN
Type: Microsoft Security Bulletin MS16-087
Security Update for the Microsoft Print Spooler (3170005)

Source: CCN
Type: US-CERT VU#740636
Microsoft Windows CSRSS error handling vulnerability

Source: CERT-VN
Type: US Government Resource
VU#740636

Source: CCN
Type: Microsoft Security Bulletin MS07-021
Vulnerabilities in CSRSS Could Allow Remote Code Execution (930178)

Source: CCN
Type: Microsoft Security Bulletin MS09-022
Vulnerabilities in the Windows Print Spooler Could Allow Remote Code Execution (961501)

Source: CCN
Type: Microsoft Security Bulletin MS10-069
Vulnerability in Windows Client/Server Runtime Subsystem Could Allow Elevation of Privilege (2121546)

Source: CCN
Type: Microsoft Security Bulletin MS11-056
Vulnerabilities in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2507938)

Source: CCN
Type: Microsoft Security Bulletin MS11-063
Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2567680)

Source: CCN
Type: Microsoft Security Bulletin MS12-003
Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2646524)

Source: MISC
Type: UNKNOWN
http://www.reversemode.com/index.php?option=com_content&task=view&id=29&Itemid=2

Source: MISC
Type: UNKNOWN
http://www.reversemode.com/index.php?option=com_remository&Itemid=2&func=fileinfo&id=43

Source: BUGTRAQ
Type: UNKNOWN
20061227 NtRaiseHardError Csrss.exe memory Disclosure exploit

Source: HP
Type: UNKNOWN
HPSBST02208

Source: CERT
Type: US Government Resource
TA07-100A

Source: VUPEN
Type: UNKNOWN
ADV-2006-5197

Source: VUPEN
Type: UNKNOWN
ADV-2007-1325

Source: MS
Type: UNKNOWN
MS07-021

Source: XF
Type: UNKNOWN
win-ntraiseharderror-information-disclosure(31176)

Source: XF
Type: UNKNOWN
win-ntraiseharderror-information-disclosure(31176)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:2013

Vulnerable Configuration:Configuration 1:
  • cpe:/o:microsoft:windows_xp:*:gold:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server:*:x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:xp:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:*:*:itanium:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server:sp1_itanium:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_vista:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:server_2003:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:server_2003:sp2:itanium:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:server_2003:sp2:x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_vista:*:*:*:*:*:*:x64:*
  • OR cpe:/o:microsoft:windows_xp::sp2:x64:*:professional:*:*:*
  • OR cpe:/a:microsoft:windows_2003:*:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:2013
    V
    		CSRSS DoS Vulnerability
    2012-11-19
    BACK
    microsoft windows xp * gold
    microsoft windows 2000 * sp4
    microsoft windows 2003_server
    microsoft windows xp sp2
    microsoft windows 2003 server *
    microsoft windows 2003_server sp1
    microsoft windows 2003_server sp1_itanium
    microsoft windows vista *
    microsoft windows server_2003 sp2
    microsoft windows server_2003 sp2
    microsoft windows server_2003 sp2
    microsoft windows vista *
    microsoft windows xp sp2
    microsoft windows 2003 *