CVE-2013-1342
moderate-risk
Published 2013-09-11
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Win32k Multiple Fetch Vulnerability," a different vulnerability than CVE-2013-1343, CVE-2013-1344, CVE-2013-3864, and CVE-2013-3865.
Do I need to act?
-
0.86% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10
High
LOCAL
/ LOW complexity
Affected Products (17)
Affected Vendors
References (6)
US Government Resource
http://www.us-cert.gov/ncas/alerts/TA13-253A
US Government Resource
http://www.us-cert.gov/ncas/alerts/TA13-253A
46
/ 100
moderate-risk
Severity
24/34 · High
Exploitability
3/34 · Minimal
Exposure
19/34 · Moderate