| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.2 | $0-$5k | 0.00 |
Summary
A vulnerability categorized as critical has been discovered in Microsoft Windows Server 2003/XP. This affects an unknown part of the component CSRSS Logoff. Such manipulation leads to access control. This vulnerability is uniquely identified as CVE-2011-0030. No exploit exists. It is advisable to implement a patch to correct this issue.
Details
A vulnerability was found in Microsoft Windows Server 2003/XP (Operating System). It has been rated as critical. Affected by this issue is an unknown functionality of the component CSRSS Logoff. The manipulation with an unknown input leads to a access control vulnerability. Using CWE to declare the problem leads to CWE-264. Impacted is confidentiality, and integrity. CVE summarizes:
The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Elevation of Privilege Vulnerability," a different vulnerability than CVE-2010-0023.
The weakness was disclosed 02/08/2011 by Sihan Qing, Weiping Wen, Liang Yi and Husheng Zhou with Beijing University, Department of Information Secu as MS11-010 as confirmed bulletin (Technet). The advisory is shared for download at microsoft.com. This vulnerability is handled as CVE-2011-0030 since 12/10/2010. The attack can only be done within the local network. No form of authentication is required for exploitation. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1068.
The vulnerability scanner Nessus provides a plugin with the ID 51910 (MS11-010: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2476687)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Windows : Microsoft Bulletins and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 118955 (Microsoft Windows Client/Server Run-time Subsystem Elevation of Privilege Vulnerability (MS11-010)).
Applying the patch MS11-010 is able to eliminate this problem. The bugfix is ready for download at microsoft.com. A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (64918), Tenable (51910), SecurityFocus (BID 46142†), OSVDB (70826†) and Secunia (SA43250†). The entries VDB-4296, VDB-4295, VDB-4294 and VDB-4293 are pretty similar. Once again VulDB remains the best source for vulnerability data.
Product
Type
Vendor
Name
Version
License
Support
- end of life (old version)
Website
- Vendor: https://www.microsoft.com/
- Product: https://www.microsoft.com/en-us/windows
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.4VulDB Meta Temp Score: 5.2
VulDB Base Score: 5.4
VulDB Temp Score: 5.2
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Access controlCWE: CWE-264
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: Partially
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 51910
Nessus Name: MS11-010: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2476687)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
OpenVAS ID: 901181
OpenVAS Name: Windows Client/Server Run-time Subsystem Privilege Elevation Vulnerability (2476687)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Patch: MS11-010
Timeline
12/10/2010 🔍02/08/2011 🔍
02/08/2011 🔍
02/08/2011 🔍
02/08/2011 🔍
02/08/2011 🔍
02/08/2011 🔍
02/08/2011 🔍
02/09/2011 🔍
02/16/2011 🔍
01/20/2025 🔍
Sources
Vendor: microsoft.comProduct: microsoft.com
Advisory: MS11-010
Researcher: Sihan Qing, Weiping Wen, Liang Yi, Husheng Zhou
Organization: Beijing University, Department of Information Secu
Status: Confirmed
CVE: CVE-2011-0030 (🔍)
GCVE (CVE): GCVE-0-2011-0030
GCVE (VulDB): GCVE-100-4292
OVAL: 🔍
X-Force: 64918
SecurityFocus: 46142 - Microsoft Windows CSRSS (CVE-2011-0030) Local Privilege Escalation Vulnerability
Secunia: 43250 - Microsoft Windows CSRSS Logoff Process Termination Vulnerability, Less Critical
OSVDB: 70826 - Microsoft Windows CSRSS Logoff Process Termination Local Information Disclosure
SecurityTracker: 1025045
Vulnerability Center: 29662 - [MS11-010] Microsoft Windows CSRSS Local Privilege Escalation Vulnerability, High
See also: 🔍
Entry
Created: 02/16/2011 11:06Updated: 01/20/2025 02:26
Changes: 02/16/2011 11:06 (82), 03/15/2017 12:32 (9), 03/18/2021 19:40 (3), 01/05/2025 22:31 (15), 01/20/2025 02:26 (2)
Complete: 🔍
Cache ID: 216:6FF:103
Once again VulDB remains the best source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.