CVSS: 6.9EPSS: 0%CPEs: 14EXPL: 1CVE-2013-5058 – Microsoft Windows Kernel - 'win32k.sys' Integer Overflow (MS13-101)
https://notcve.org/view.php?id=CVE-2013-5058
Integer overflow in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows local users to gain privileges via a crafted application, aka "Win32k Integer Overflow Vulnerability." Desbordamiento de enteros en los controladores en modo kernel de Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1 y Windows Server 2012 Gold y R2 permite a usuarios locales conseguir privilegios a través de una aplicación manipulada, conocido como "Vulnerabilidad de desbordamiento de enteros en Win32k." • https://www.exploit-db.com/exploits/30397 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-101 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2013-3899
https://notcve.org/view.php?id=CVE-2013-3899
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate addresses, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability." win32k.sys en los drivers de modo kernel en Microsoft Windows XP SP2, SP3. Server 2003 SP2 no valida apropiadamente direcciones, lo que permite a usuarios locales obtener privilegios a través de una aplicacion manipulada, tambien conocido como "Vulnerabilidad de Corrupción de Memoria en Win32k.sys" • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-101 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 43%CPEs: 3EXPL: 3CVE-2013-5065 – Microsoft Windows Kernel Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2013-5065
NDProxy.sys in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in November 2013. NDProxy.sys del kernel de Microsoft Windows XP SP2 y SP3 y Server 2003 SP2 permite a usuarios locales obtener privilegios a través de una aplicación manipulada, tal y como se explotó activamente en noviembre de 2013. Microsoft Windows NDProxy.sys in the kernel contains an improper input validation vulnerability which can allow a local attacker to escalate privileges. • https://www.exploit-db.com/exploits/30392 https://www.exploit-db.com/exploits/30014 https://www.exploit-db.com/exploits/37732 http://technet.microsoft.com/security/advisory/2914486 http://www.fireeye.com/blog/technical/cyber-exploits/2013/11/ms-windows-local-privilege-escalation-zero-day-in-the-wild.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-002 •
CVSS: 7.1EPSS: 0%CPEs: 15EXPL: 0CVE-2013-3876
https://notcve.org/view.php?id=CVE-2013-3876
DirectAccess in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly verify server X.509 certificates, which allows man-in-the-middle attackers to spoof servers and read encrypted domain credentials via a crafted certificate. DirectAccess en Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP1 y SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, y Windows RT Gold y 8.1 no verifica adecuadamente certificados X.509 del servidor, lo que permite a atacantes man-in-the-middle falsificar servidores y leer credenciales de dominio cifradas a través de un certificado manipulado. • http://technet.microsoft.com/security/advisory/2862152 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 95%CPEs: 14EXPL: 0CVE-2013-3940
https://notcve.org/view.php?id=CVE-2013-3940
Integer overflow in the Graphics Device Interface (GDI) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image in a Windows Write (.wri) document, which is not properly handled in WordPad, aka "Graphics Device Interface Integer Overflow Vulnerability." Desbordamiento de entero en la interfaz de dispositivo gráfico (GDI) de Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Oro y R2 y Windows RT oro y 8.1 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de una imagen manipulada en un documento Windows Write (. wRI) , que no es manejada correctamente en WordPad, también conocidos como gráficos "Graphics Device Interface Integer Overflow Vulnerability". • http://www.us-cert.gov/ncas/alerts/TA13-317A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-089 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18722 • CWE-190: Integer Overflow or Wraparound •