CVE-2013-0008
published 2013-01-09
Priority P346 · high · 7.2 (CVSS 2.0)
AV:L/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 17.09% (96.7th percentile)
win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle window broadcast messages, which allows local users to gain privileges via a crafted application, aka "Win32k Improper Message Handling Vulnerability."
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_server_2008 | — | — |
GHSA
GHSA-xc82-cc97-pg8v: win32k
ghsa_unreviewed·2022-05-05
CVE-2013-0008 [HIGH] GHSA-xc82-cc97-pg8v: win32k
VMware
VMware vCenter Chargeback Manager Remote Code Execution
vendor_vmware·2013-06-11·CVSS 5.0
CVE-2013-0166 [MEDIUM] VMware vCenter Chargeback Manager Remote Code Execution
VMSA-2013-0008: VMware vCenter Chargeback Manager Remote Code Execution
a. vCenter Chargeback Manager Remote Code Execution
The vCenter Chargeback Manager (CBM) contains a flaw in its handling of file uploads. Exploitation of this issue may allow an unauthenticated attacker to execute code remotely.
VMware would like to thank Andrea Micalizzi, aka rgod, for reporting this issue to us through HP's Zero Day Initiative (ZDI).
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2013-3520 to this issue.
Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.
VMware Product Product Version Running on Replace with / Apply Patch VMware Product CBM Product Version 2.01 Running on an
No detection rules found.
Exploit-DB
Microsoft Windows - HWND_BROADCAST Low to Medium Integrity Privilege Escalation (MS13-005) (Metasploit)
exploitdb·2013-08-02
CVE-2013-0008 Microsoft Windows - HWND_BROADCAST Low to Medium Integrity Privilege Escalation (MS13-005) (Metasploit)
---
##
# ## This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
##
require 'msf/core'
require 'rex'
require 'msf/core/exploit/exe'
class Metasploit3 'MS13-005 HWND_BROADCAST Low to Medium Integrity Privilege Escalation',
'Description' => %q{
The Windows kernel does not properly isolate broadcast messages from low integrity
applications from medium or high integrity applications. This allows commands to be
broadcasted to an open medium or high integrity command prompts allowing escalation
of privileges. We can s
Exploit-DB
Microsoft Windows - HWND_BROADCAST (PoC) (MS13-005)
exploitdb·2013-02-11·CVSS 7.2
CVE-2013-0008 [HIGH] Microsoft Windows - HWND_BROADCAST (PoC) (MS13-005)
---
/*
ms13-005-funz-poc.cpp - Drive a Medium IL cmd.exe via a Low IL
process and message broadcasted
Copyright (C) 2013 Axel "0vercl0k" Souchet - http://www.twitter.com/0vercl0k
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program.
Metasploit
MS13-005 HWND_BROADCAST Low to Medium Integrity Privilege Escalation
metasploit
Due to a problem with isolating window broadcast messages in the Windows kernel, an attacker can broadcast commands from a lower Integrity Level process to a higher Integrity Level process, thereby effecting a privilege escalation. This issue affects Windows Vista, 7, 8, Server 2008, Server 2008 R2, Server 2012, and RT. Note that spawning a command prompt with the shortcut key combination Win+Shift+# does not work in Vista, so the attacker will have to check if the user is already running a command prompt and set SPAWN_PROMPT false. Three exploit techniques are available with this module. The WEB technique will execute a powershell encoded payload from a Web location. The FILE technique will drop an executable to the fil
http://www.exploit-db.com/exploits/24485
http://www.securityfocus.com/bid/57135
http://www.us-cert.gov/cas/techalerts/TA13-008A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-005
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16326