Published: 07/12/2013 Updated: 20/12/2013
CVSS v2 Base Score: 4 | Impact Score: 6.9 | Exploitability Score: 1.9
VMScore: 356
Vector: AV:L/AC:H/Au:N/C:N/I:N/A:C

Vulnerability Summary

** DISPUTED ** The IsHandleEntrySecure function in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 SP2 does not properly validate the tagPROCESSINFO pW32Job field, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted NtUserValidateHandleSecure call for an owned object. NOTE: the vendor reportedly disputes the significance of this report, stating that "it appears to be a local DOS ... we don't consider it a security vulnerability."

Affected Products

Vendor Product Versions
MicrosoftWindows Server 2008*