Vulnerability CVE-2011-1967 - CERT Civis.Net

Vulnerability Name:

CVE-2011-1967 (CCN-68800)

Assigned:

2011-08-09

Published:

2011-08-09

Updated:

2020-09-28

Summary:

Winsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka "CSRSS Vulnerability."

CVSS v3 Severity:

9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Gain Privileges

References:

Source: MITRE
Type: CNA
CVE-2011-1967

Source: CCN
Type: SA45478
Windows Client/Server Run-time Subsystem Privilege Escalation

Source: CCN
Type: Microsoft Security Bulletin MS13-019
Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of Privilege (2790113)

Source: CCN
Type: Microsoft Security Bulletin MS13-033
Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of Privilege (2820917)

Source: CCN
Type: Microsoft Security Bulletin MS13-077
Vulnerability in Windows Service Control Manager Could Allow Elevation of Privilege (2872339)

Source: CCN
Type: Microsoft Security Bulletin MS11-063
Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2567680)

Source: CCN
Type: Microsoft Security Bulletin MS12-003
Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2646524)

Source: CCN
Type: BID-48992
Microsoft Windows CSRSS CVE-2011-1967 Local Privilege Escalation Vulnerability

Source: CERT
Type: US Government Resource
TA11-221A

Source: MS
Type: UNKNOWN
MS11-063

Source: XF
Type: UNKNOWN
ms-winsrv-privilege-escalation(68800)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:12911

Vulnerable Configuration:

Configuration 1:

cpe:/o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_7:-:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_7:-:sp1:*:*:ultimate_n:*:x64:*

OR cpe:/o:microsoft:windows_7:-:sp1:*:*:ultimate_n:*:x86:*

OR cpe:/o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x32:*

OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:*

OR cpe:/o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2008:r2:*:*:*:*:*:itanium:*

OR cpe:/o:microsoft:windows_server_2008:r2:*:*:*:*:*:x64:*

OR cpe:/o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_vista:*:sp2:x64:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*

Configuration CCN 1:

cpe:/o:microsoft:windows:server_2003:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:server_2003:sp2:itanium:*:*:*:*:*

OR cpe:/o:microsoft:windows:server_2003:sp2:x64:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp::sp2:x64:*:professional:*:*:*

OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:x64:*

OR cpe:/o:microsoft:windows:xp:sp3:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_vista:-:sp2:x64:*:*:*:*:*

OR cpe:/o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x32:*

OR cpe:/o:microsoft:windows_7:-:*:*:*:*:*:x32:*

OR cpe:/o:microsoft:windows_server_2008:r2:*:*:*:*:*:x64:*

OR cpe:/o:microsoft:windows_server_2008:r2:*:*:*:*:*:itanium:*

OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:itanium:*

OR cpe:/o:microsoft:windows_7:-:sp1:*:*:ultimate_n:*:x64:*

OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*

OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:12911	V	CSRSS Vulnerability	2011-09-26