MS13-033: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2820917)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has a privilege escalation vulnerability.

Description :

The Windows Client/Server Run-time Subsystem (CSRSS) on the remote host
has a privilege escalation vulnerability due to an improper handling of
objects in memory. An attacker who successfully exploits this
vulnerability can execute arbitrary code in the context of the local
system. The attacker could then install or modify applications as well
as create new accounts with full user rights.

See also :

http://technet.microsoft.com/en-us/security/bulletin/ms13-033

Solution :

Microsoft has released a set of patches for Windows XP, 2003, Vista,
and 2008.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.3
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 65880 ()

Bugtraq ID: 58886

CVE ID: CVE-2013-1295