CVE-2013-6999

The IsHandleEntrySecure function in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 SP2 does not properly validate the tagPROCESSINFO pW32Job field, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted NtUserValidateHandleSecure call for an owned object. NOTE: the vendor reportedly disputes the significance of this report, stating that "it appears to be a local DOS ... we don't consider it a security vulnerability.

Published: Dec 7, 2013
Updated: Nov 8, 2023
CVE: CVE-2013-6999
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4
AV:L/AC:H/Au:N/C:N/I:N/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
microsoft / windows_server_2008	-	-

http://pastebin.com/raw.php?i=we0ZSQC0
http://secunia.com/advisories/55633
http://www.securityfocus.com/bid/64057

Vulnerability Database

289,598

CVE-2013-6999