Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2013-3878 | First vendor Publication | 2013-12-10 |
| Vendor | Cve | Last vendor Modification | 2019-02-26 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 6.9 | Attack Range | Local |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 3.4 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Stack-based buffer overflow in the LRPC client in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges by operating an LRPC server that sends a crafted LPC port message, aka "LRPC Client Buffer Overrun Vulnerability." |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3878 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:21070 | |||
| Oval ID: | oval:org.mitre.oval:def:21070 | ||
| Title: | LRPC Client Buffer Overrun Vulnerability (CVE-2013-3878) - MS13-102 | ||
| Description: | Stack-based buffer overflow in the LRPC client in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges by operating an LRPC server that sends a crafted LPC port message, aka "LRPC Client Buffer Overrun Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-3878 | Version: | 3 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Os | 1 | |
| Os | 2 |
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2013-12-12 | IAVM : 2013-A-0226 - Microsoft LRPC Client Privilege Escalation Vulnerability Severity : Category II - VMSKEY : V0042591 |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2013-12-11 | Name : A client on the host is vulnerable to a privilege escalation vulnerability. File : smb_nt_ms13-102.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
| Source | Url |
|---|---|
| MS | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13... |
Alert History
| Date | Informations |
|---|---|
| 2021-05-04 12:27:03 |
|
| 2021-04-22 01:32:45 |
|
| 2020-05-23 00:37:49 |
|
| 2019-02-26 17:19:39 |
|
| 2018-10-13 05:18:41 |
|
| 2014-02-17 11:21:27 |
|
| 2013-12-13 21:19:25 |
|
| 2013-12-11 21:20:08 |
|
| 2013-12-11 13:19:03 |
|
