| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 4.2 | $0-$5k | 0.00 |
Summary
A vulnerability categorized as problematic has been discovered in Microsoft Windows up to XP. This affects an unknown function of the file win32k.sys. Such manipulation leads to resource management. This vulnerability is traded as CVE-2013-3879. An attack has to be approached locally. There is no exploit available. A patch should be applied to remediate this issue.
Details
A vulnerability was found in Microsoft Windows up to XP (Operating System) and classified as problematic. Affected by this issue is an unknown functionality of the file win32k.sys. The manipulation with an unknown input leads to a resource management vulnerability. Using CWE to declare the problem leads to CWE-399. Impacted is confidentiality, and integrity. CVE summarizes:
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
The weakness was shared 10/08/2013 as MS13-081 as confirmed bulletin (Technet). The advisory is available at technet.microsoft.com. The vendor cooperated in the coordination of the public release. This vulnerability is handled as CVE-2013-3879 since 06/03/2013. Local access is required to approach this attack. The successful exploitation needs a simple authentication. Technical details are known, but there is no available exploit.
The vulnerability scanner Nessus provides a plugin with the ID 70333 (MS13-081: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2870008)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Windows : Microsoft Bulletins. The commercial vulnerability scanner Qualys is able to test this issue with plugin 90913 (Microsoft Windows Kernel-Mode Drivers Remote Code Execution (MS13-081)).
Applying the patch MS13-081 is able to eliminate this problem. The bugfix is ready for download at technet.microsoft.com. A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at Tenable (70333), SecurityFocus (BID 62797†), OSVDB (98210†), Secunia (SA55052†) and Vulnerability Center (SBV-41819†). The entries VDB-10632, VDB-10633, VDB-10635 and VDB-10636 are related to this item. If you want to get best quality of vulnerability data, you may have to visit VulDB.
Product
Type
Vendor
Name
Version
License
Support
- end of life (old version)
Website
- Vendor: https://www.microsoft.com/
- Product: https://www.microsoft.com/en-us/windows
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 4.4VulDB Meta Temp Score: 4.2
VulDB Base Score: 4.4
VulDB Temp Score: 4.2
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Resource managementCWE: CWE-399 / CWE-404
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: No
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 70333
Nessus Name: MS13-081: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2870008)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
OpenVAS ID: 903500
OpenVAS Name: MS Windows Kernel-Mode Drivers Remote Code Execution Vulnerabilities (2870008)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Patch: MS13-081
Timeline
06/03/2013 🔍08/10/2013 🔍
10/03/2013 🔍
10/08/2013 🔍
10/08/2013 🔍
10/09/2013 🔍
10/09/2013 🔍
10/09/2013 🔍
05/26/2021 🔍
Sources
Vendor: microsoft.comProduct: microsoft.com
Advisory: MS13-081
Status: Confirmed
Coordinated: 🔍
CVE: CVE-2013-3879 (🔍)
GCVE (CVE): GCVE-0-2013-3879
GCVE (VulDB): GCVE-100-10634
OVAL: 🔍
IAVM: 🔍
SecurityFocus: 62797
Secunia: 55052 - Microsoft Windows Kernel Multiple Vulnerabilities, Highly Critical
OSVDB: 98210 - Microsoft Windows Win32k.sys Unspecified Use-after-free Local Privilege Escalation
Vulnerability Center: 41819 - [MS13-081] Microsoft Windows Local Use-After-Free Vulnerability Due to a Flaw In The Win32k Driver - CVE-2013-3879, Medium
scip Labs: https://www.scip.ch/en/?labs.20140213
See also: 🔍
Entry
Created: 10/09/2013 18:00Updated: 05/26/2021 13:27
Changes: 10/09/2013 18:00 (50), 08/19/2018 19:56 (28), 05/26/2021 13:15 (8), 05/26/2021 13:21 (2), 05/26/2021 13:27 (1)
Complete: 🔍
Cache ID: 216::103
If you want to get best quality of vulnerability data, you may have to visit VulDB.
No comments yet. Languages: en.
Please log in to comment.