Vulnerability Details : CVE-2013-6791
Microsoft Enhanced Mitigation Experience Toolkit (EMET) before 4.0 uses predictable addresses for hooked functions, which makes it easier for context-dependent attackers to defeat the ASLR protection mechanism via a return-oriented programming (ROP) attack.
Vulnerability category: Information leak
Exploit prediction scoring system (EPSS) score for CVE-2013-6791
Probability of exploitation activity in the next 30 days: 0.49%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 73 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2013-6791
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2013-6791
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-6791
-
http://blogs.technet.com/b/srd/archive/2013/06/17/emet-4-0-now-available-for-download.aspx
EMET 4.0 now available for download – Microsoft Security Response CenterPatch
-
http://www.securitytracker.com/id/1029411
Microsoft Enhanced Mitigation Experience Toolkit Lets Users Bypass ASLR Protections - SecurityTracker
-
http://en.nsfocus.com/advisories/1301.html
Products affected by CVE-2013-6791
- cpe:2.3:a:microsoft:enhanced_mitigation_experience_toolkit:*:*:*:*:*:*:*:*