CVE-2005-0551

Windows 2000, XP SP1/SP2, Server 2003 - Local Privilege Escalation via WINSRV.DLL FaceName Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-0551. PoCs published by eyas.

AI-analyzed exploit summary: This exploit targets a stack overflow vulnerability in CSRSS.EXE (CVE-2005-0551) on Windows 2000 SP3/SP4. It crafts a malicious CONSOLE_STATE_INFO structure to trigger the overflow, executes arbitrary code via a JMP ESP instruction, and adds a new administrator user.

Description

Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by eyas · c · local · windows
https://www.exploit-db.com/exploits/1198


Classification: Working PoC (95%)
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Windows 2000 SP3/SP4
No auth needed
Prerequisites: Target must be running Windows 2000 SP3/SP4 · Attacker must have local access to execute the exploit
devstral-2 · analyzed Feb 18, 2026

References (6)

Core References
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1822
Patch, Vendor Advisory third-party-advisory x_refsource_idefense
http://www.idefense.com/application/poi/display?id=230&type=vulnerabilities
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A777
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A266
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3544

Scores

EPSS 0.2153
EPSS Percentile 97.3%

Details

Status published
Products (3)
microsoft/windows_2000
microsoft/windows_2003_server r2
microsoft/windows_xp (2 CPE variants)
Published May 02, 2005
Tracked Since Feb 18, 2026