CVE-2023-23409
EUVD-2023-2750914.03.2023, 17:15
Client Server Run-Time Subsystem (CSRSS) Information Disclosure VulnerabilityEnginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| microsoft | windows_10_1507 | 𝑥 < 10.0.10240.19805 |
| microsoft | windows_10_1607 | 𝑥 < 10.0.14393.5786 |
| microsoft | windows_10_1809 | 𝑥 < 10.0.17763.4131 |
| microsoft | windows_10_20h2 | 𝑥 < 10.0.19042.2728 |
| microsoft | windows_10_21h2 | 𝑥 < 10.0.19044.2728 |
| microsoft | windows_10_22h2 | 𝑥 < 10.0.19045.2728 |
| microsoft | windows_11_21h2 | 𝑥 < 10.0.22000.1696 |
| microsoft | windows_11_22h2 | 𝑥 < 10.0.22000.1413 |
| microsoft | windows_server_2008 | - |
| microsoft | windows_server_2008 | - |
| microsoft | windows_server_2012 | - |
| microsoft | windows_server_2016 | - |
| microsoft | windows_server_2019 | - |
| microsoft | windows_server_2022 | - |
𝑥
= Vulnerable software versions
Windows Releases
Platform | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Windows 10 |
| ||||||||||||
| Windows 11 |
| ||||||||||||
| Windows Server 2008 |
| ||||||||||||
| Windows Server 2008 R2 |
| ||||||||||||
| Windows Server 2012 |
| ||||||||||||
| Windows Server 2012 R2 |
| ||||||||||||
| Windows Server 2016 |
| ||||||||||||
| Windows Server 2019 |
| ||||||||||||
| Windows Server 2022 |
|
Common Weakness Enumeration
- CWE-20 - Improper Input ValidationThe product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
- CWE-668 - Exposure of Resource to Wrong SphereThe product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.