Executive Summary

Summary
TitleVulnerabilities in Windows Kernel
Informations
NameMS13-081First vendor Publication2013-10-08
VendorMicrosoftLast vendor Modification2014-01-14
Severity (Vendor) VersionRevision2.0

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score9.3Attack RangeNetwork
Cvss Impact Score10Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Severity Rating: Critical
Revision Note: V2.0 (January 14, 2014): Rereleased bulletin to announce the reoffering of the 2862330 update to systems running Windows 7 or Windows Server 2008 R2. See the Update FAQ for details.
Summary: This security update resolves seven privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if a user views shared content that embeds OpenType or TrueType font files. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system.

Original Source

Url : https://technet.microsoft.com/en-us/library/security/MS13-081

CWE : Common Weakness Enumeration

%idName
43 %CWE-399Resource Management Errors
29 %CWE-94Failure to Control Generation of Code ('Code Injection')
14 %CWE-264Permissions, Privileges, and Access Controls
14 %CWE-20Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:18718
 
Oval ID: oval:org.mitre.oval:def:18718
Title: Win32k Use After Free Vulnerability (CVE-2013-3879) MS13-081
Description: Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2013-3879
Version: 4
Platform(s): Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Vista
Microsoft Windows XP
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18924
 
Oval ID: oval:org.mitre.oval:def:18924
Title: DirectX Graphics Kernel Subsystem Double Fetch Vulnerability (CVE-2013-3888) - MS13-081
Description: dxgkrnl.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka "DirectX Graphics Kernel Subsystem Double Fetch Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2013-3888
Version: 4
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18912
 
Oval ID: oval:org.mitre.oval:def:18912
Title: App Container Elevation of Privilege Vulnerability (CVE-2013-3880) - MS13-081
Description: The App Container feature in the kernel-mode drivers in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to bypass intended access restrictions and obtain sensitive information from a different container via a Trojan horse application, aka "App Container Elevation of Privilege Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2013-3880
Version: 3
Platform(s): Microsoft Windows 8
Microsoft Windows Server 2012
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18630
 
Oval ID: oval:org.mitre.oval:def:18630
Title: Windows USB Descriptor Vulnerability (CVE-2013-3200) - MS13-081
Description: The USB drivers in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allow physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2013-3200
Version: 6
Platform(s): Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Vista
Microsoft Windows XP
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18847
 
Oval ID: oval:org.mitre.oval:def:18847
Title: OpenType Font Parsing Vulnerability (CVE-2013-3128) - MS13-081, MS13-082
Description: The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5, allow remote attackers to execute arbitrary code via a crafted OpenType font (OTF) file, aka "OpenType Font Parsing Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2013-3128
Version: 14
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 8
Microsoft Windows Server 2012
Product(s): Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4.0
Microsoft .NET Framework 4.5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18899
 
Oval ID: oval:org.mitre.oval:def:18899
Title: TrueType Font CMAP Table Vulnerability (CVE-2013-3894) - MS13-081
Description: The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted CMAP table in a TrueType font (TTF) file, aka "TrueType Font CMAP Table Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2013-3894
Version: 3
Platform(s): Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Vista
Microsoft Windows XP
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18614
 
Oval ID: oval:org.mitre.oval:def:18614
Title: Win32k NULL Page Vulnerability (CVE-2013-3881) - MS13-081
Description: win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows local users to gain privileges via a crafted application, aka "Win32k NULL Page Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2013-3881
Version: 4
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008 R2
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application6
Os2
Os2
Os1
Os1
Os5
Os1
Os2
Os3

ExploitDB Exploits

idDescription
2014-02-11Windows TrackPopupMenuEx Win32k NULL Page

Information Assurance Vulnerability Management (IAVM)

DateDescription
2013-12-12IAVM : 2013-A-0232 - Multiple Vulnerabilities in Microsoft Windows Kernel-Mode Drivers
Severity : Category I - VMSKEY : V0042582
2013-10-10IAVM : 2013-A-0187 - Multiple Vulnerabilities in Microsoft .NET Framework
Severity : Category I - VMSKEY : V0040753
2013-10-10IAVM : 2013-A-0190 - Multiple Vulnerabilities in Microsoft Windows Kernel-Mode Drivers
Severity : Category I - VMSKEY : V0040763

Snort® IPS/IDS

DateDescription
2014-04-24ATMFD Adobe font driver reserved command denial of service attempt
RuleID : 30241 - Revision : 2 - Type : FILE-OTHER
2014-04-24ATMFD Adobe font driver reserved command denial of service attempt
RuleID : 30240 - Revision : 2 - Type : FILE-OTHER
2014-01-10ATMFD Adobe font driver reserved command denial of service attempt
RuleID : 28203 - Revision : 4 - Type : FILE-OTHER
2014-01-10ATMFD Adobe font driver reserved command denial of service attempt
RuleID : 28202 - Revision : 3 - Type : FILE-OTHER

Metasploit Database

idDescription
2013-10-08 Windows TrackPopupMenuEx Win32k NULL Page
2020-02-08 Windows Gather Applied Patches

Nessus® Vulnerability Scanner

DateDescription
2013-10-09Name : The Windows kernel drivers on the remote host are affected by multiple vulner...
File : smb_nt_ms13-081.nasl - Type : ACT_GATHER_INFO
2013-10-09Name : The .NET Framework install on the remote Windows host could allow arbitrary c...
File : smb_nt_ms13-082.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
DateInformations
2016-04-27 02:03:04
  • Multiple Updates
2016-03-09 21:24:45
  • Multiple Updates
2016-03-09 17:23:36
  • Multiple Updates
2014-11-14 13:24:29
  • Multiple Updates
2014-05-06 11:35:09
  • Multiple Updates
2014-05-06 11:32:31
  • Multiple Updates
2014-04-19 00:26:08
  • Multiple Updates
2014-04-19 00:17:43
  • Multiple Updates
2014-04-18 21:28:38
  • Multiple Updates
2014-04-18 21:18:57
  • Multiple Updates
2014-04-18 17:26:23
  • Multiple Updates
2014-04-18 17:17:59
  • Multiple Updates
2014-04-18 13:29:54
  • Multiple Updates
2014-04-18 13:19:02
  • Multiple Updates
2014-04-18 09:27:09
  • Multiple Updates
2014-04-18 09:18:12
  • Multiple Updates
2014-04-18 05:28:02
  • Multiple Updates
2014-04-18 05:19:28
  • Multiple Updates
2014-04-18 00:26:21
  • Multiple Updates
2014-04-18 00:17:46
  • Multiple Updates
2014-04-17 21:25:59
  • Multiple Updates
2014-04-17 21:18:56
  • Multiple Updates
2014-04-17 17:26:37
  • Multiple Updates
2014-04-17 17:18:06
  • Multiple Updates
2014-04-17 13:29:32
  • Multiple Updates
2014-04-17 13:19:07
  • Multiple Updates
2014-04-17 09:21:02
  • Multiple Updates
2014-04-17 09:07:47
  • Multiple Updates
2014-02-17 11:47:48
  • Multiple Updates
2014-02-12 17:23:08
  • Multiple Updates
2014-02-10 21:21:06
  • Multiple Updates
2014-01-14 21:16:24
  • Multiple Updates
2014-01-10 17:19:31
  • Multiple Updates
2013-12-17 05:15:54
  • Multiple Updates
2013-11-11 12:41:36
  • Multiple Updates
2013-10-17 00:16:16
  • Multiple Updates
2013-10-10 05:16:00
  • Multiple Updates
2013-10-09 21:24:23
  • Multiple Updates
2013-10-08 21:16:45
  • First insertion