QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2013-6999

Back to search

CVE-2013-6999

Published: Dec 7, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

The IsHandleEntrySecure function in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 SP2 does not properly validate the tagPROCESSINFO pW32Job field, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted NtUserValidateHandleSecure call for an owned object. NOTE: the vendor reportedly disputes the significance of this report, stating that "it appears to be a local DOS ... we don't consider it a security vulnerability.

VendorProductVersions

n/a

n/a

affected
n/a

References

64057
vdb-entry
x_refsource_BID
55633
third-party-advisory
x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now
CVE-2013-6999 - Security Vulnerability | QwikSec