CVE-2013-5065 - NDProxy.sys in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users

CVE-2013-5065

Summary

NDProxy.sys in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in November 2013.

References

Vulnerable Configurations

cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:*:*

CVSS

Base:	7.2 (as of 24-07-2024 - 14:29)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

msbulletin via4

bulletin_id	MS14-002
bulletin_url
date	2014-01-14T00:00:00
impact	Elevation of Privilege
knowledgebase_id	2914368
knowledgebase_url
severity	Important
title	Vulnerability in Windows Kernel Could Allow Elevation of Privilege

refmap via4

confirm	http://technet.microsoft.com/security/advisory/2914486
exploit-db	37732
misc	http://www.fireeye.com/blog/technical/cyber-exploits/2013/11/ms-windows-local-privilege-escalation-zero-day-in-the-wild.html

Last major update

24-07-2024 - 14:29

Published

28-11-2013 - 00:55

Last modified

24-07-2024 - 14:29