CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2013-3196
https://notcve.org/view.php?id=CVE-2013-3196
The NT Virtual DOS Machine (NTVDM) subsystem in the kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly validate kernel-memory addresses, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka "Windows Kernel Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3197 and CVE-2013-3198. El subsistema NT Virtual DOS Machine (NTVDM) en el kernel en Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, y Windows 8 en plataformas 32-bits no valida correctamente las direcciones de memoria del kernel, lo que permite a usuarios locales conseguir privilegios o causar una denegación de servicio (corrupción de memoria) a través de una aplicación manipulada, también conocido como “Windows Kernel Memory Corruption Vulnerability”, una vulnerabilidad distinta de CVE-2013-3197 y CVE-2013-3198. • http://www.us-cert.gov/ncas/alerts/TA13-225A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-063 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18175 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2013-3197
https://notcve.org/view.php?id=CVE-2013-3197
The NT Virtual DOS Machine (NTVDM) subsystem in the kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly validate kernel-memory addresses, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka "Windows Kernel Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3196 and CVE-2013-3198. El subsistema NT Virtual DOS Machine (NTVDM) en el kernel en Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, y Windows 8 en plataformas 32-bits no valida correctamente las direcciones de memoria del kernel, lo que permite a usuarios locales conseguir privilegios o causar una denegación de servicio (corrupción de memoria) a través de una aplicación manipulada, también conocido como “Windows Kernel Memory Corruption Vulnerability”, una vulnerabilidad distinta de CVE-2013-3196 y CVE-2013-3198. • http://www.us-cert.gov/ncas/alerts/TA13-225A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-063 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18364 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.2EPSS: 0%CPEs: 11EXPL: 5CVE-2013-3956 – Novell Client 2 SP3 - 'nicm.sys 3.1.11.0' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2013-3956
The NICM.SYS kernel driver 3.1.11.0 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003; Novell Client 2 SP2 on Windows Vista and Windows Server 2008; and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted 0x143B6B IOCTL call. El controlador del kernel NICM.SYS 3.1.11.0 en Novell Client 4.91 SP5 sobre Windows XP and Windows Server 2003; Novell Client 2 SP2 sobre Windows Vista y Windows Server 2008; y Novell Client 2 SP3 sobre Windows Server 2008 R2, Windows 7, Windows 8, y Windows Server 2012, permite a usuarios locales obtener privilegio a través de una llamada 0x143B6B IOCTL manipulada. • https://www.exploit-db.com/exploits/27191 https://www.exploit-db.com/exploits/26452 http://pastebin.com/GB4iiEwR http://www.exploit-db.com/exploits/26452 http://www.exploit-db.com/exploits/27191 http://www.novell.com/support/kb/doc.php?id=7012497 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.2EPSS: 0%CPEs: 11EXPL: 1CVE-2013-3697
https://notcve.org/view.php?id=CVE-2013-3697
Integer overflow in the NWFS.SYS kernel driver 4.91.5.8 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003 and the NCPL.SYS kernel driver in Novell Client 2 SP2 on Windows Vista and Windows Server 2008 and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 might allow local users to gain privileges via a crafted 0x1439EB IOCTL call. Desbordamiento de enterio en el controlador para el kernel NWFS.SYS 4.91.5.8 en Novell Client 4.91 SP5 sobre Windows XP y Windows Server 2003 y el controlador del kernel NCPL.SYS en Novell Client 2 SP2 sobre Windows Vista y Windows Server 2008 y Novell Client 2 SP3 sobre Windows Server 2008 R2, Windows 7, Windows 8, y Windows Server 2012, podría permitir a usuarios locales obtener privilegios a través de una llamada 0x1439EB IOCTL manipulada. • http://pastebin.com/RcS2Bucg http://www.novell.com/support/kb/doc.php?id=7012497 • CWE-189: Numeric Errors •
CVSS: 8.4EPSS: 0%CPEs: 13EXPL: 0CVE-2013-1340
https://notcve.org/view.php?id=CVE-2013-1340
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Dereference Vulnerability." win32k.sys en controladores kernel-mode en Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, y Windows RT no gestiona de forma adecuada los objetos en memoria, lo que provoca que usuarios locales obtengan privilegios a través de una aplicación manipulada, también conocido como "Win32k Dereference Vulnerability." • http://www.us-cert.gov/ncas/alerts/TA13-190A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-053 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17273 • CWE-264: Permissions, Privileges, and Access Controls CWE-416: Use After Free •