CVE-2013-3902 - Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 20

CVE-2013-3902

Summary

Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 SP1 and Windows 7 SP1 on 64-bit platforms allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability." Per: http://technet.microsoft.com/en-us/security/bulletin/ms13-101 "Affected Software Windows 7 for 32-bit Systems Service Pack 1 (2893984)"

References

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-101

Vulnerable Configurations

cpe:2.3:o:microsoft:windows_7:*:sp1:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:*:sp1:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:*:sp1:x86:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:*:sp1:x86:*:*:*:*:*

CVSS

Base:	7.2 (as of 28-09-2020 - 12:58)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

msbulletin via4

bulletin_id	MS13-101
bulletin_url
date	2013-12-10T00:00:00
impact	Elevation of Privilege
knowledgebase_id	2880430
knowledgebase_url
severity	Important
title	Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege

refmap via4

Last major update

28-09-2020 - 12:58

Published

11-12-2013 - 00:55

Last modified

28-09-2020 - 12:58