CVSS: 7.2EPSS: 0%CPEs: 13EXPL: 0CVE-2013-3879
https://notcve.org/view.php?id=CVE-2013-3879
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability." Vulnerabilidad de uso después de liberación en win32k.sys de los drivers kernel-mode en Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, y Windows RT permite a usuarios locales obtener privilegios a través de una aplicación manipulada, también conocida como "Vulnerabilidad de uso después de liberación en Win32k". • http://www.us-cert.gov/ncas/alerts/TA13-288A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-081 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18718 • CWE-399: Resource Management Errors •
CVSS: 7.2EPSS: 0%CPEs: 13EXPL: 0CVE-2013-3200
https://notcve.org/view.php?id=CVE-2013-3200
The USB drivers in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allow physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability." Los controladores USB en los controladores en modo kernel de Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012 y Windows RT permiten físicamente a atacantes próximos ejecutar código arbitrario mediante la conexión de un dispositivo USB malicioso, también conocido como "Windows USB Descriptor Vulnerability." • http://www.us-cert.gov/ncas/alerts/TA13-288A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-081 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18630 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 75%CPEs: 48EXPL: 0CVE-2013-3128 – Microsoft Windows OpenType Font Parsing Persistent Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2013-3128
The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5, allow remote attackers to execute arbitrary code via a crafted OpenType font (OTF) file, aka "OpenType Font Parsing Vulnerability." Los drivers kernel-mode en Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, y Windows RT, y .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, y 4.5, permite a atacantes remotos ejecutar código arbitrario a través de un archivo de fuente OpenType (OTF), también conocido como "Vulnerabilidad de parseo de fuentes OpenType". This vulnerability allows remote attackers to causes a persistent Denial-of-Service on machines running vulnerable versions of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must open a vulnerable font. The specific flaw exists within the handling of OpenType Fonts in the Windows Kernel. The machine will immediately crash and be unable to restart if a user attempts to use the malicious font. • http://www.us-cert.gov/ncas/alerts/TA13-288A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-081 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-082 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18847 •
CVSS: 3.5EPSS: 4%CPEs: 4EXPL: 0CVE-2013-3880
https://notcve.org/view.php?id=CVE-2013-3880
The App Container feature in the kernel-mode drivers in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to bypass intended access restrictions and obtain sensitive information from a different container via a Trojan horse application, aka "App Container Elevation of Privilege Vulnerability." La función App Container en los controladores en kernel-mode de Microsoft Windows 8, Windows Server 2012 y Windows RT permite a atacantes remotos evitar las restricciones de acceso previstos y obtener información sensible de un recipiente diferente a través de una aplicación de caballo de Troya, también conocido como "App Container Elevation of Privilege Vulnerability." • http://www.us-cert.gov/ncas/alerts/TA13-288A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-081 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18912 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 64%CPEs: 12EXPL: 0CVE-2013-3195
https://notcve.org/view.php?id=CVE-2013-3195
The DSA_InsertItem function in Comctl32.dll in the Windows common control library in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted value in an argument to an ASP.NET web application, aka "Comctl32 Integer Overflow Vulnerability." La función DSA_InsertItem en Comctl32.dll en la biblioteca de controles comunes de Windows en Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012 y Windows RT no asigna correctamente la memoria, lo que permite a atacantes remotos ejecutar código arbitrario a través de un valor diseñado en un argumento para una aplicación web ASP.NET, alias "Comctl32 Integer Overflow Vulnerability." • http://blogs.technet.com/b/srd/archive/2013/10/08/assessing-risk-for-the-october-2013-security-updates.aspx http://www.us-cert.gov/ncas/alerts/TA13-288A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-083 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18715 • CWE-399: Resource Management Errors •