<em style='font-weight:bold;'>(Description Provided by <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2011-1870" target="_blank">CVE</a>)</em> : Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka &quot;CSRSS Local EOP SrvWriteConsoleOutputString Vulnerability.&quot;

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability. Check the vendor advisory or solution in the references section.

Unknown or Incomplete

• OVAL ID: 12889
• CVE ID: 2011-1870 (see also: NVD)
• Microsoft Knowledge Base Article: 2507938
• Secunia Advisory ID: 45174
• Bugtraq ID: 48605
• Related OSVDB ID: 73792 73793 73794 73796
• Microsoft Security Bulletin: MS11-056
• CERT: TA11-193A

• Matthew 'j00ru' Jurczyk - Hispasec Virustotal