MS13-046 Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege
2013-05-14
This security update resolves three privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities.
Vulnerabilities addressed in this bulletin:
Bulletin details at Microsoft.com
- DirectX Graphics Kernel Subsystem Double Fetch Vulnerability (CVE-2013-1332): An elevation of privilege vulnerability exists when the Microsoft DirectX graphics kernel subsystem (dxgkrnl.sys) improperly handles objects in memory.
- Win32k Buffer Overflow Vulnerability (CVE-2013-1333)
- Win32k Window Handle Vulnerability (CVE-2013-1334)
Related CVE Entries
dxgkrnl.sys (aka the DirectX graphics kernel subsystem) in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "DirectX Graphics Kernel Subsystem Double Fetch Vulnerability."
Max CVSS: 7.2; EPSS Score: 0.04%; Published: 2013-05-15; Updated: 2023-12-07
Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overflow Vulnerability."
Max CVSS: 7.2; EPSS Score: 0.04%; Published: 2013-05-15; Updated: 2018-10-12
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Window Handle Vulnerability."
Max CVSS: 7.2; EPSS Score: 0.04%; Published: 2013-05-15; Updated: 2023-12-07