Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The IsHandleEntrySecure function in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 SP2 does not properly validate the tagPROCESSINFO pW32Job field, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted NtUserValidateHandleSecure call for an owned object. NOTE: the vendor reportedly disputes the significance of this report, stating that "it appears to be a local DOS ... we don't consider it a security vulnerability.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Microsoft Windows Server 安全漏洞
Vulnerability Description
Microsoft Windows Server是美国微软(Microsoft)公司的一套服务器操作系统。 Microsoft Windows Server 2008 SP2版本中的内核模式驱动程序存在安全漏洞,该漏洞源于win32k.sys文件的IsHandleEntrySecure函数没有正确验证tagPROCESSINFO pW32Job字段。本地攻击者可利用该漏洞造成绝服务(空指针逆向引用和系统崩溃)。
CVSS Information
N/A
Vulnerability Type
N/A