{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Microsoft Windows XP Professional x64 Edition (including Service Pack 2).","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Windows Server 2003 x64 Edition (including Service Pack 2);","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Windows XP Service Pack 2;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Windows Server 2003 for Itanium-based systems (including Service Pack 1 and Service Pack 2);","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows Vista x64 Edition.","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Windows Server 2003 (including Service Pack 1 and Service Pack 2);","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows Vista;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Windows 2000 Service Pack 4;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}}],"affected_systems_content":null,"content":"## Description\n\nMultiple vulnerabilities have been identified in the\nClient/Server Runtime Subsystem (CSRSS) process of Microsoft Windows. This\nprocess is an essential component of the operating system which,\namong other things, manages the windows and graphical elements of\nWindows.\n\n-   csrss.exe reportedly does not correctly handle certain error\n    messages via its MsgBox windows. 
A malicious person\n    could therefore force the display of such specific messages\n    (by a visit to a web page or the launch of an application) in order to\n    take control of the vulnerable system;\n-   csrss.exe reportedly does not correctly convert certain system\n    resources, which could also be exploited to take\n    control of a system;\n\n## Solution\n\nRefer to the vendor's security bulletin to obtain the\npatches (see the Documentation section).\n","cves":[{"name":"CVE-2007-1209","url":"https://www.cve.org/CVERecord?id=CVE-2007-1209"},{"name":"CVE-2006-6696","url":"https://www.cve.org/CVERecord?id=CVE-2006-6696"},{"name":"CVE-2006-6797","url":"https://www.cve.org/CVERecord?id=CVE-2006-6797"}],"links":[{"title":"eEye security bulletin AD20070410b of 10 April 2007:","url":"http://www.eeye.com/html/research/advisories/published/AD20070410b.html"},{"title":"Microsoft security bulletin MS07-021 of 11 April 2007:","url":"http://www.microsoft.com/technet/security/Bulletin/MS07-021.mspx"},{"title":"Microsoft security bulletin MS07-021 of 11 April 2007:","url":"http://www.microsoft.com/france/technet/security/bulletin/MS07-021.mspx"}],"reference":"CERTA-2007-AVI-168","revisions":[{"description":"initial version.","revision_date":"2007-04-11T00:00:00.000000"}],"risks":[{"description":"Remote arbitrary code execution"},{"description":"Denial of service"},{"description":"Elevation of privilege"}],"summary":"Multiple vulnerabilities have been identified in the <span\nclass=\"textit\">Client/Server Runtime Subsystem</span> (CSRSS) process of\nMicrosoft Windows. 
Exploiting them would allow a\nmalicious person to disrupt or take complete control of the\nvulnerable system.\n","title":"Multiple CSRSS vulnerabilities in Microsoft Windows","vendor_advisories":[{"published_at":null,"title":"Microsoft security bulletin MS07-021 of 10 April 2007","url":null}]}
