CVSS: 7.2EPSS: 0%CPEs: 13EXPL: 0CVE-2013-1345 – Microsoft Windows win32k.sys Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2013-1345
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Vulnerability." win32k.sys en los controladores kernel-mode en Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, y Windows RT no maneja objetos en memoria de forma adecuada, lo que permite a usuarios locales obtener privilegios a través de aplicaciones manipuladas, también conocido como "Win32k Vulnerability." This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must run a malicious executable. The specific flaw exists within the handling of Dynamic Data Exchange objects. The issue lies in the destruction of DDE objects within a thread. An attacker can leverage this to escalate their privileges and execute code under the context of SYSTEM. • http://www.us-cert.gov/ncas/alerts/TA13-190A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-053 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17379 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 0CVE-2013-3167
https://notcve.org/view.php?id=CVE-2013-3167
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Information Disclosure Vulnerability." win32k.sys en los controladores kernel-mode de Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, y Windows 7 SP1 no maneja adecuadamente los objetos en la memoria, lo que permite a usuarios locales conseguir privilegios a través de una aplicación hecha a mano, también conocido como "Win32k Information Disclosure Vulnerability." • http://www.us-cert.gov/ncas/alerts/TA13-190A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-053 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17293 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 92%CPEs: 11EXPL: 1CVE-2013-3174 – Microsoft DirectShow - Arbitrary Memory Overwrite (MS13-056)
https://notcve.org/view.php?id=CVE-2013-3174
DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted GIF file, aka "DirectShow Arbitrary Memory Overwrite Vulnerability." DirectShow en Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, y Windows Server 2012 permite a atacantes remotos la ejecución de código de su elección mediante un archivo GIF manipulado, también conocida como "DirectShow Arbitrary Memory Overwrite Vulnerability." • https://www.exploit-db.com/exploits/27050 http://www.us-cert.gov/ncas/alerts/TA13-190A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-056 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16883 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.2EPSS: 0%CPEs: 13EXPL: 2CVE-2013-1300 – Microsoft Windows NtUserMessageCall Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2013-1300
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Allocation Vulnerability." win32k.sys en controladores kernel-mode en Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, y Windows RT no gestiona de forma adecuada los objetos en memoria, lo que provoca que usuarios locales obtengan privilegios a través de una aplicación manipulada, también conocido como "Win32k Memory Allocation Vulnerability." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within NtUserMessageCall. The issue lies in the handling of boolean arguments. An attacker can leverage this vulnerability to raise privileges and execute code under the context of SYSTEM. • https://www.exploit-db.com/exploits/33213 http://www.exploit-db.com/exploits/33213 http://www.us-cert.gov/ncas/alerts/TA13-190A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-053 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17353 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.4EPSS: 0%CPEs: 6EXPL: 0CVE-2013-3136
https://notcve.org/view.php?id=CVE-2013-3136
The kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly handle unspecified page-fault system calls, which allows local users to obtain sensitive information from kernel memory via a crafted application, aka "Kernel Information Disclosure Vulnerability." El kernel en Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1 y Windows 8 en plataformas de 32 bits no controla correctamente llamadas al sistema de fallos no especificadas de fallos de página, permitiendo a usuarios locales obtener información confidencial de la memoria del núcleo a través de una aplicación especialmente diseñada, también conocido como "vulnerabilidad de revelación de información del Kernel" • http://www.us-cert.gov/ncas/alerts/TA13-168A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-048 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16847 • CWE-399: Resource Management Errors •