Lucene search

[email protected]CVE-2013-6791

HistoryNov 29, 2013 - 3:55 p.m.

CVE-2013-6791

2013-11-2915:55:03

CWE-200

[email protected]

web.nvd.nist.gov

microsoft

emet

cve-2013-6791

address predictability

aslr

rop

nvd

6.5 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

76.1%

JSON

Microsoft Enhanced Mitigation Experience Toolkit (EMET) before 4.0 uses predictable addresses for hooked functions, which makes it easier for context-dependent attackers to defeat the ASLR protection mechanism via a return-oriented programming (ROP) attack.

Affected configurations

NVD

Node

microsoftenhanced_mitigation_experience_toolkitRange≤3.0

CPENameOperatorVersion
microsoft:enhanced_mitigation_experience_toolkitmicrosoft enhanced mitigation experience toolkitle3.0

CPE	Name	Operator	Version
microsoft:enhanced_mitigation_experience_toolkit	microsoft enhanced mitigation experience toolkit	le	3.0

References

blogs.technet.com/b/srd/archive/2013/06/17/emet-4-0-now-available-for-download.aspx

en.nsfocus.com/advisories/1301.html

www.securitytracker.com/id/1029411

6.5 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

76.1%

JSON

Related for CVE-2013-6791

nvd1 openvas2 nessus1 prion1 cvelist1