CVE-2013-5065
CVE-2013-5065
In short
A flaw in Windows XP and Server 2003 allows a local user to run a specially crafted program that grants them higher-level permissions on the system. This was actively exploited by attackers in the wild.
Technical detail
NDProxy.sys kernel driver in Windows XP SP2/SP3 and Server 2003 SP2 contains a privilege escalation vulnerability exploitable by local users through a crafted application. The attack vector is local; the pre-condition is local access to the system. The impact enables arbitrary code execution with kernel-level privileges, as demonstrated by active exploitation in November 2013.
Summary generated and translated by AI from the official description.
NDProxy.sys in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in November 2013.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/apublic PoCs found — 5
githubgithub.com/Friarfukd/RobbinHood★ 0cve_referencewww.exploit-db.com/exploits/37732/unverifiedexploitdbwww.exploit-db.com/exploits/30392unverifiedexploitdbwww.exploit-db.com/exploits/37732unverifiedexploitdbwww.exploit-db.com/exploits/30014unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-002https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-5065https://www.exploit-db.com/exploits/37732/http://technet.microsoft.com/security/advisory/2914486http://www.fireeye.com/blog/technical/cyber-exploits/2013/11/ms-windows-local-privilege-escalation-zero-day-in-the-wild.html