MS12-003: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2646524)
Medium Nessus Plugin ID 57471
SynopsisThe remote Windows host has a privilege escalation vulnerability.
DescriptionThe Windows Client/Server Run-time Subsystem (CSRSS) on the remote host has a privilege escalation vulnerability that can be triggered when processing a sequence of specially crafted Unicode characters and trying to access the contents of a memory buffer that has not been properly initialized.
If the system is configured with a Chinese, Japanese, or Korean system locale, an attacker who can log into the affected system could leverage this issue by running a malicious application to take complete control of the affected system.
SolutionMicrosoft has released a set of patches for Windows XP, 2003, Vista, and 2008.