ABSTRACT

EnterCriticalSection() can raise an exception, potentially causing the program to crash.

EXPLANATION

Under operating systems prior to Windows 2000, the EnterCriticalSection() function can raise an exception in low memory situations. If the exception is not caught, the program will crash, potentially enabling a denial of service attack.

REFERENCES

[1] Standards Mapping - OWASP Top 10 2007 - (OWASP 2007) A6 Information Leakage and Improper Error Handling

[2] Standards Mapping - OWASP Top 10 2004 - (OWASP 2004) A7 Improper Error Handling

[3] Standards Mapping - Security Technical Implementation Guide Version 3 - (STIG 3) APP3120 CAT II

[4] Standards Mapping - Common Weakness Enumeration - (CWE) CWE ID 248

[5] Standards Mapping - Payment Card Industry Data Security Standard Version 1.2 - (PCI 1.2) Requirement 6.3.1.2, Requirement 6.5.6

[6] Standards Mapping - Payment Card Industry Data Security Standard Version 2.0 - (PCI 2.0) Requirement 6.5.5

[7] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1 - (PCI 1.1) Requirement 6.5.7