VULHUB ™

Microsoft Windows是一款流行的操作系统。 Microsoft Windows处理特殊参数的部分API调用时存在问题，本地攻击者可以利用漏洞获得敏感信息或对系统进行拒绝服务攻击。 Microsoft Windows的WINSRV.DLL在处理HardError消息时存在两次释放错误。攻击者如果把MessageBox()函数的caption或text参数设置为以“\??\”开始的字符串，那么畸形的参数会触发内核内存破坏，导致系统崩溃。 另外CSRSS.exe没有正确的验证由NtRaiseHardError传送的参数，可允许攻击者浏览CSRSS进程内存的内容，导致敏感信息泄露。 Microsoft Windows XP Tablet PC Edition SP2 Microsoft Windows XP Tablet PC Edition SP1 Microsoft Windows XP Tablet PC Edition Microsoft Windows XP Professional SP2 Microsoft Windows XP Professional SP1 Microsoft Windows XP Professional Microsoft Windows XP Media Center Edition SP2 Microsoft Windows XP Media Center Edition SP1 Microsoft Windows XP Media Center Edition Microsoft Windows XP Home SP2 Microsoft Windows XP Home SP1 Microsoft Windows XP Home Microsoft Windows Vista December CTP Microsoft Windows Vista beta 2 Microsoft Windows Vista Beta 1 Microsoft Windows Vista Beta Microsoft Windows Server 2003 Web Edition SP1 Beta 1 Microsoft Windows Server 2003 Web Edition SP1 Microsoft...

Microsoft Windows是一款流行的操作系统。 Microsoft Windows处理特殊参数的部分API调用时存在问题，本地攻击者可以利用漏洞获得敏感信息或对系统进行拒绝服务攻击。 Microsoft Windows的WINSRV.DLL在处理HardError消息时存在两次释放错误。攻击者如果把MessageBox()函数的caption或text参数设置为以“\??\”开始的字符串，那么畸形的参数会触发内核内存破坏，导致系统崩溃。 另外CSRSS.exe没有正确的验证由NtRaiseHardError传送的参数，可允许攻击者浏览CSRSS进程内存的内容，导致敏感信息泄露。 Microsoft Windows XP Tablet PC Edition SP2 Microsoft Windows XP Tablet PC Edition SP1 Microsoft Windows XP Tablet PC Edition Microsoft Windows XP Professional SP2 Microsoft Windows XP Professional SP1 Microsoft Windows XP Professional Microsoft Windows XP Media Center Edition SP2 Microsoft Windows XP Media Center Edition SP1 Microsoft Windows XP Media Center Edition Microsoft Windows XP Home SP2 Microsoft Windows XP Home SP1 Microsoft Windows XP Home Microsoft Windows Vista December CTP Microsoft Windows Vista beta 2 Microsoft Windows Vista Beta 1 Microsoft Windows Vista Beta Microsoft Windows Server 2003 Web Edition SP1 Beta 1 Microsoft Windows Server 2003 Web Edition SP1 Microsoft Windows Server 2003 Web Edition Microsoft Windows Server 2003 Standard Edition SP1 Beta 1 Microsoft Windows Server 2003 Standard Edition SP1 Microsoft Windows Server 2003 Standard Edition Microsoft Windows Server 2003 Enterprise Edition SP1 Beta 1 Microsoft Windows Server 2003 Enterprise Edition SP1 Microsoft Windows Server 2003 Enterprise Edition Microsoft Windows Server 2003 Datacenter Edition SP1 Beta 1 Microsoft Windows Server 2003 Datacenter Edition SP1 Microsoft Windows Server 2003 Datacenter Edition Microsoft Windows 2000 Server SP4 Microsoft Windows 2000 Server SP3 Microsoft Windows 2000 Server SP2 Microsoft Windows 2000 Server SP1 Microsoft Windows 2000 Professional SP4 Microsoft Windows 2000 Professional SP3 Microsoft Windows 2000 Professional SP2 Microsoft Windows 2000 Professional SP1 Microsoft Windows 2000 Professional Microsoft Windows 2000 Datacenter Server SP4 Microsoft Windows 2000 Datacenter Server SP3 Microsoft Windows 2000 Datacenter Server SP2 Microsoft Windows 2000 Datacenter Server SP1 Microsoft Windows 2000 Datacenter Server Microsoft Windows 2000 Advanced Server SP4 Microsoft Windows 2000 Advanced Server SP3 Microsoft Windows 2000 Advanced Server SP2 Microsoft Windows 2000 Advanced Server SP1 Microsoft Windows 2000 Advanced Server 目前没有解决方案提供： <a href="http://www.microsoft.com/" target="_blank">http://www.microsoft.com/</a>