Microsoft Windows up to Vista/Server 2008 Client/Server Run-Time Subsystem memory corruption
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.0 | $0-$5k | 0.00 |
Summary
A vulnerability classified as problematic was found in Microsoft Windows up to Vista/Server 2008. This impacts an unknown function of the component Client/Server Run-Time Subsystem. Such manipulation leads to memory corruption. This vulnerability is traded as CVE-2013-1295. An attack has to be approached locally. Furthermore, there is an exploit available. It is advisable to implement a patch to correct this issue.
Details
A vulnerability was found in Microsoft Windows up to Vista/Server 2008 (Operating System) and classified as critical. Affected by this issue is an unknown function of the component Client/Server Run-Time Subsystem. The manipulation with an unknown input leads to a memory corruption vulnerability. Using CWE to declare the problem leads to CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Impacted is confidentiality, integrity, and availability. CVE summarizes:
The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "CSRSS Memory Corruption Vulnerability."
The weakness was shared 04/09/2013 by George Georgiev Valkov as MS13-033 as confirmed bulletin (Microsoft Technet). The advisory is shared for download at technet.microsoft.com. The vendor cooperated in the coordination of the public release. This vulnerability is handled as CVE-2013-1295 since 01/12/2013. The exploitation is known to be difficult. The attack needs to be approached locally. The successful exploitation requires a simple authentication. Technical details are unknown but a private exploit is available.
It is declared as proof-of-concept. The vulnerability scanner Nessus provides a plugin with the ID 65880 (MS13-033: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2820917)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Windows : Microsoft Bulletins. The commercial vulnerability scanner Qualys is able to test this issue with plugin 90874 (Microsoft Windows Client/Server Run-Time Subsystem Elevation of Privilege Vulnerability (MS13-033)).
Applying the patch MS13-033 is able to eliminate this problem. The bugfix is ready for download at support.microsoft.com. A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (83082), Tenable (65880), SecurityFocus (BID 58881†), OSVDB (92127†) and Secunia (SA52919†). The entries VDB-8198 and VDB-8200 are related to this item. Once again VulDB remains the best source for vulnerability data.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.microsoft.com/
- Product: https://www.microsoft.com/en-us/windows
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.8VulDB Meta Temp Score: 7.0
VulDB Base Score: 7.8
VulDB Temp Score: 7.0
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Memory corruptionCWE: CWE-119
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: No
Availability: 🔍
Access: Private
Status: Proof-of-Concept
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 65880
Nessus Name: MS13-033: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2820917)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
OpenVAS ID: 903205
OpenVAS Name: MS Windows Client/Server Run-time Subsystem Privilege Escalation Vulnerability (2820917)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Patch: MS13-033
Timeline
01/12/2013 🔍04/04/2013 🔍
04/09/2013 🔍
04/09/2013 🔍
04/09/2013 🔍
04/09/2013 🔍
04/10/2013 🔍
04/10/2013 🔍
04/10/2013 🔍
12/28/2024 🔍
Sources
Vendor: microsoft.comProduct: microsoft.com
Advisory: MS13-033
Researcher: George Georgiev Valkov
Status: Confirmed
Coordinated: 🔍
CVE: CVE-2013-1295 (🔍)
GCVE (CVE): GCVE-0-2013-1295
GCVE (VulDB): GCVE-100-8204
OVAL: 🔍
IAVM: 🔍
X-Force: 83082
SecurityFocus: 58881
Secunia: 52919 - Microsoft Windows CSRSS Memory Handling Privilege Escalation Vulnerability, Less Critical
OSVDB: 92127 - Microsoft Windows Client/Server Run-time Subsystem (CSRSS) Unspecified Local Memory Corruption
SecurityTracker: 1028407 - Windows Client-Server Run-time Subsystem Lets Local Users Gain Elevated Privileges
Vulnerability Center: 39078 - [MS13-033] Microsoft Windows CSRSS Local DoS Vulnerability via a Crafted Application, Medium
scip Labs: https://www.scip.ch/en/?labs.20140213
See also: 🔍
Entry
Created: 04/10/2013 15:59Updated: 12/28/2024 01:29
Changes: 04/10/2013 15:59 (54), 08/19/2018 20:02 (28), 05/07/2021 01:38 (7), 05/07/2021 01:46 (2), 05/07/2021 01:53 (1), 12/28/2024 01:29 (16)
Complete: 🔍
Committer:
Cache ID: 216::103
Once again VulDB remains the best source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.