← back
CVE-2013-5065highunder attack

CVE-2013-5065

98Vexday Risk Score

Patch now. It under exploitation confirmed by CISA and has a working public exploit.

ssvc Actcvss 7.8epss 35%
from disclosure to weapon6 days
Published on NVDNov 27
1st PoC+6d
metasploitNov 27
CISA KEV+3018d
exploitation probability
35%top 2% of all CVEs
observed exploitation
yesCISA + VulnCheck
5 public exploit(s)
Action required by CISAfederal deadline: 2022-03-24

Apply updates per vendor instructions.

In short

A flaw in Windows XP and Server 2003 allows a local user to run a specially crafted program that grants them higher-level permissions on the system. This was actively exploited by attackers in the wild.

Technical detail

NDProxy.sys kernel driver in Windows XP SP2/SP3 and Server 2003 SP2 contains a privilege escalation vulnerability exploitable by local users through a crafted application. The attack vector is local; the pre-condition is local access to the system. The impact enables arbitrary code execution with kernel-level privileges, as demonstrated by active exploitation in November 2013.

Summary generated and translated by AI from the official description.
NDProxy.sys in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in November 2013.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.