Microsoft Windows up to Server 2012 R2 True Type Font win32k.sys input validation
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.3 | $0-$5k | 0.00 |
Summary
A vulnerability was found in Microsoft Windows up to Server 2012 R2 and classified as problematic. This affects an unknown part of the file win32k.sys of the component True Type Font Handler. The manipulation results in input validation. This vulnerability is reported as CVE-2013-3903. The attack requires a local approach. No exploit exists. A patch should be applied to remediate this issue.
Details
A vulnerability, which was classified as problematic, was found in Microsoft Windows up to Server 2012 R2 (Operating System). Affected is an unknown code of the file win32k.sys of the component True Type Font Handler. The manipulation with an unknown input leads to a input validation vulnerability. CWE is classifying the issue as CWE-20. The product receives input or data, but it does
not validate or incorrectly validates that the input has the
properties that are required to process the data safely and
correctly. This is going to have an impact on availability. CVE summarizes:
Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows 8, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to cause a denial of service (reboot) via a crafted TrueType font (TTF) file, aka "TrueType Font Parsing Vulnerability."
The weakness was disclosed 12/10/2013 by Li Chuan Lee with F-13 Laboratory as MS13-101 as confirmed bulletin (Technet). The advisory is available at technet.microsoft.com. The public release has been coordinated in cooperation with the vendor. This vulnerability is traded as CVE-2013-3903 since 06/03/2013. Local access is required to approach this attack. A authentication is needed for exploitation. Technical details are known, but there is no available exploit.
The vulnerability scanner Nessus provides a plugin with the ID 71316 (MS13-101: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2880430)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Windows : Microsoft Bulletins. The commercial vulnerability scanner Qualys is able to test this issue with plugin 90933 (Microsoft Windows Kernel-Mode Drivers Elevation of Privilege Vulnerability (MS13-101)).
Applying the patch MS13-101 is able to eliminate this problem. The bugfix is ready for download at technet.microsoft.com. A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (89290), Tenable (71316), SecurityFocus (BID 64090†), OSVDB (100759†) and Vulnerability Center (SBV-42515†). The entries VDB-11443, VDB-11444, VDB-11445 and VDB-11446 are pretty similar. VulDB is the best source for vulnerability data and more expert information about this specific topic.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.microsoft.com/
- Product: https://www.microsoft.com/en-us/windows
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.5VulDB Meta Temp Score: 5.3
VulDB Base Score: 5.5
VulDB Temp Score: 5.3
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Input validationCWE: CWE-20
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: No
Availability: 🔍
Status: Proof-of-Concept
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 71316
Nessus Name: MS13-101: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2880430)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
OpenVAS ID: 903417
OpenVAS Name: Microsoft Windows Kernel Local Privilege Escalation Vulnerabilities (2880430)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Exploit-DB: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Patch: MS13-101
Timeline
06/03/2013 🔍12/10/2013 🔍
12/10/2013 🔍
12/10/2013 🔍
12/10/2013 🔍
12/11/2013 🔍
12/11/2013 🔍
06/03/2021 🔍
Sources
Vendor: microsoft.comProduct: microsoft.com
Advisory: MS13-101
Researcher: Li Chuan Lee
Organization: F-13 Laboratory
Status: Confirmed
Coordinated: 🔍
CVE: CVE-2013-3903 (🔍)
GCVE (CVE): GCVE-0-2013-3903
GCVE (VulDB): GCVE-100-11442
OVAL: 🔍
IAVM: 🔍
X-Force: 89290
SecurityFocus: 64090
OSVDB: 100759 - Microsoft Windows Win32k.sys Crafted TrueType Font (TTF) File Handling DoS
Vulnerability Center: 42515 - [MS13-101] Microsoft Windows 8, Windows Server 2012 and Windows Server 2012 R2 Remote DoS (CVE-2013-3903), High
scip Labs: https://www.scip.ch/en/?labs.20140213
See also: 🔍
Entry
Created: 12/11/2013 14:48Updated: 06/03/2021 01:16
Changes: 12/11/2013 14:48 (54), 05/02/2019 07:04 (25), 06/03/2021 01:03 (8), 06/03/2021 01:16 (2)
Complete: 🔍
Committer:
Cache ID: 216:E70:103
No comments yet. Languages: en.
Please log in to comment.