CVE-2013-3136

Severity Score

4.4

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly handle unspecified page-fault system calls, which allows local users to obtain sensitive information from kernel memory via a crafted application, aka "Kernel Information Disclosure Vulnerability."

El kernel en Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1 y Windows 8 en plataformas de 32 bits no controla correctamente llamadas al sistema de fallos no especificadas de fallos de página, permitiendo a usuarios locales obtener información confidencial de la memoria del núcleo a través de una aplicación especialmente diseñada, también conocido como "vulnerabilidad de revelación de información del Kernel"

*Credits: N/A

CVSS Scores

NISTv2 4.4

Attack Vector

Local

Attack Complexity

Medium

Authentication

Single

Confidentiality

Complete

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2013-04-17 CVE Reserved
2013-06-12 CVE Published
2024-08-06 CVE Updated
2024-11-07 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-399: Resource Management Errors

CAPEC

References (3)

URL	Tag	Source
http://www.us-cert.gov/ncas/alerts/TA13-168A	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16847	Signature

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-048	2019-02-26

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Microsoft Search vendor "Microsoft"		Windows 7 Search vendor "Microsoft" for product "Windows 7"				-		sp1, x86		Affected
Microsoft Search vendor "Microsoft"		Windows 8 Search vendor "Microsoft" for product "Windows 8"				-		x86		Affected
Microsoft Search vendor "Microsoft"		Windows Server 2003 Search vendor "Microsoft" for product "Windows Server 2003"				*		sp2		Affected
Microsoft Search vendor "Microsoft"		Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008"				*		sp2, x86		Affected
Microsoft Search vendor "Microsoft"		Windows Vista Search vendor "Microsoft" for product "Windows Vista"				-		sp2		Affected
Microsoft Search vendor "Microsoft"		Windows Xp Search vendor "Microsoft" for product "Windows Xp"				*		sp3		Affected