CVE Vulnerabilities

CVE-2011-1229

NULL Pointer Dereference

Published: Apr 13, 2011 | Modified: Mar 26, 2021
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other Vulnerability Type 2 CVEs listed in MS11-034, aka Win32k Null Pointer De-reference Vulnerability.

Weakness

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Affected Software

Name Vendor Start Version End Version
Windows_2003_server Microsoft –sp2 (including) –sp2 (including)
Windows_7 Microsoft - (including) - (including)
Windows_7 Microsoft –sp1 (including) –sp1 (including)
Windows_server_2003 Microsoft –sp2 (including) –sp2 (including)
Windows_server_2008 Microsoft - (including) - (including)
Windows_server_2008 Microsoft –sp2 (including) –sp2 (including)
Windows_server_2008 Microsoft r2 (including) r2 (including)
Windows_server_2008 Microsoft r2-sp1 (including) r2-sp1 (including)
Windows_vista Microsoft –sp1 (including) –sp1 (including)
Windows_vista Microsoft –sp2 (including) –sp2 (including)
Windows_xp Microsoft –sp2 (including) –sp2 (including)
Windows_xp Microsoft –sp3 (including) –sp3 (including)

Potential Mitigations

References