CVE-2013-6999

Опубликовано: 07 дек. 2013

Источник: nvd

CVSS2: 4

EPSS Низкий

Описание

The IsHandleEntrySecure function in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 SP2 does not properly validate the tagPROCESSINFO pW32Job field, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted NtUserValidateHandleSecure call for an owned object. NOTE: the vendor reportedly disputes the significance of this report, stating that "it appears to be a local DOS ... we don't consider it a security vulnerability.

Комментарий

Per: http://cwe.mitre.org/data/definitions/476.html

"CWE-476: NULL Pointer Dereference"

Ссылки

http://pastebin.com/raw.php?i=we0ZSQC0
Exploit
http://secunia.com/advisories/55633
Vendor Advisory
http://www.securityfocus.com/bid/64057
http://pastebin.com/raw.php?i=we0ZSQC0
Exploit
http://secunia.com/advisories/55633
Vendor Advisory
http://www.securityfocus.com/bid/64057

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*

EPSS

Процентиль: 67%

0.00527

Низкий

4 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-vxrg-v6vf-8c93

github

больше 3 лет назад

** DISPUTED ** The IsHandleEntrySecure function in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 SP2 does not properly validate the tagPROCESSINFO pW32Job field, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted NtUserValidateHandleSecure call for an owned object. NOTE: the vendor reportedly disputes the significance of this report, stating that "it appears to be a local DOS ... we don't consider it a security vulnerability."