MS13-053: Vulnerabilities in Windows Kernel-Mode Driver Could Allow Remote Code Execution (2850851)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The Windows kernel on the remote host is affected by multiple
vulnerabilities.

Description :

The Windows kernel on the remote host has the following
vulnerabilities :

- A memory allocation vulnerability exists.
(CVE-2013-1300)

- A dereference vulnerability exists. (CVE-2013-1340)

- A privilege escalation vulnerability exists in the
Windows kernel-mode driver. (CVE-2013-1345)

- A TrueType Font parsing vulnerability exists.
(CVE-2013-3129)

- An information disclosure vulnerability exists.
(CVE-2013-3167)

- A buffer overflow vulnerability exists. (CVE-2013-3173)

- A flaw exists in kernel-mode drivers in how linked lists
pointers are handled in PATHREC objects. (CVE-2013-3660)

A remote attacker could exploit any of these vulnerabilities to elevate
privileges.

See also :

http://www.zerodayinitiative.com/advisories/ZDI-13-170/
http://www.zerodayinitiative.com/advisories/ZDI-13-171/
http://technet.microsoft.com/en-us/security/bulletin/ms13-053

Solution :

Microsoft has released a set of patches for Windows XP, 2003, Vista,
2008, 7, 2008 R2, 8, and 2012.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true