MS13-053: Vulnerabilities in Windows Kernel-Mode Driver Could Allow Remote Code Execution (2850851)

This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.

Synopsis :

The Windows kernel on the remote host is affected by multiple

Description :

The Windows kernel on the remote host has the following
vulnerabilities :

- A memory allocation vulnerability exists.

- A dereference vulnerability exists. (CVE-2013-1340)

- A privilege escalation vulnerability exists in the
Windows kernel-mode driver. (CVE-2013-1345)

- A TrueType Font parsing vulnerability exists.

- An information disclosure vulnerability exists.

- A buffer overflow vulnerability exists. (CVE-2013-3173)

- A flaw exists in kernel-mode drivers in how linked lists
pointers are handled in PATHREC objects. (CVE-2013-3660)

A remote attacker could exploit any of these vulnerabilities to elevate

See also :

Solution :

Microsoft has released a set of patches for Windows XP, 2003, Vista,
2008, 7, 2008 R2, 8, and 2012.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.3
Public Exploit Available : true