Lucene search

K

[email protected]NVD:CVE-2013-1295

HistoryApr 09, 2013 - 10:55 p.m.

CVE-2013-1295

2013-04-0922:55:01

CWE-119

[email protected]

web.nvd.nist.gov

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.4%

The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka “CSRSS Memory Corruption Vulnerability.”

Affected configurations

NVD

Node

microsoftwindows_server_2003sp2

OR

microsoftwindows_server_2008sp2itanium

OR

microsoftwindows_server_2008sp2x64

OR

microsoftwindows_server_2008sp2x86

OR

microsoftwindows_vistasp2

OR

microsoftwindows_xpsp3

OR

microsoftwindows_xpMatch-sp2x64

References

www.us-cert.gov/ncas/alerts/TA13-100A

docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-033

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16260

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.4%

Related for NVD:CVE-2013-1295

symantec1 openvas2 cve1 prion1 nessus1 cvelist1 securityvulns1