Vigil@nce: Windows, information disclosure via CSRSS
February 2011 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
A local attacker can run a program that captures the data of
subsequent users of the system.
– Severity: 2/4
– Creation date: 09/02/2011
IMPACTED PRODUCTS
– Microsoft Windows 2003
– Microsoft Windows XP
DESCRIPTION OF THE VULNERABILITY
CSRSS (Client/Server Run-time Subsystem) notably manages user
sessions.
When a user logs off, his processes are killed. However, an
attacker can create a special process that CSRSS does not
terminate. This process can then capture the data (keyboard,
screen) of the next users who log on to the computer.
A local attacker can therefore run a program that captures the data
of subsequent users of the system. By capturing a login/password,
he can then log on under that user's account.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Windows-information-disclosure-via-CSRSS-10348