win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other Vulnerability Type 2 CVEs listed in MS11-034, aka Win32k Null Pointer De-reference Vulnerability.
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Windows_2003_server | Microsoft | –sp2 (including) | –sp2 (including) |
Windows_7 | Microsoft | - (including) | - (including) |
Windows_7 | Microsoft | –sp1 (including) | –sp1 (including) |
Windows_server_2003 | Microsoft | –sp2 (including) | –sp2 (including) |
Windows_server_2008 | Microsoft | - (including) | - (including) |
Windows_server_2008 | Microsoft | –sp2 (including) | –sp2 (including) |
Windows_server_2008 | Microsoft | r2 (including) | r2 (including) |
Windows_server_2008 | Microsoft | r2-sp1 (including) | r2-sp1 (including) |
Windows_vista | Microsoft | –sp1 (including) | –sp1 (including) |
Windows_vista | Microsoft | –sp2 (including) | –sp2 (including) |
Windows_xp | Microsoft | –sp2 (including) | –sp2 (including) |
Windows_xp | Microsoft | –sp3 (including) | –sp3 (including) |