CVE-2013-1283

2013-04-0922:55:00

CWE-362

[email protected]

web.nvd.nist.gov

security

vulnerability

win32k.sys

race condition

privilege escalation

nvd

6.5 Medium

AI Score

Confidence

Low

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

13.9%

JSON

Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka “Win32k Race Condition Vulnerability.”

CPENameOperatorVersion
microsoft:windows_server_2008microsoft windows server 2008eq*
microsoft:windows_rtmicrosoft windows rteq-
microsoft:windows_xpmicrosoft windows xpeq-
microsoft:windows_8microsoft windows 8eq-
microsoft:windows_xpmicrosoft windows xpeq*
microsoft:windows_7microsoft windows 7eq*
microsoft:windows_server_2003microsoft windows server 2003eq*
microsoft:windows_vistamicrosoft windows vistaeq*
microsoft:windows_server_2012microsoft windows server 2012eq-

CPE	Name	Operator	Version
microsoft:windows_server_2008	microsoft windows server 2008	eq	*
microsoft:windows_rt	microsoft windows rt	eq	-
microsoft:windows_xp	microsoft windows xp	eq	-
microsoft:windows_8	microsoft windows 8	eq	-
microsoft:windows_xp	microsoft windows xp	eq	*
microsoft:windows_7	microsoft windows 7	eq	*
microsoft:windows_server_2003	microsoft windows server 2003	eq	*
microsoft:windows_vista	microsoft windows vista	eq	*
microsoft:windows_server_2012	microsoft windows server 2012	eq	-