CVE-2013-6999

Name of the Vulnerable Software and Affected Versions Microsoft Windows Server 2008 SP2

Description The IsHandleEntrySecure function in win32k.sys does not properly validate the tagPROCESSINFO pW32Job field, allowing local users to cause a denial of service via a crafted NtUserValidateHandleSecure call for an owned object. This can result in a NULL pointer dereference and system crash. The vendor reportedly disputes the significance of this report, considering it a local denial of service rather than a security vulnerability.

Recommendations For Microsoft Windows Server 2008 SP2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.