CVE-2013-5065

Published: Nov 28, 2013Modified: Apr 22, 2026CISA KEV

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

NDProxy.sys in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in November 2013.

Affected (3)

Products: Microsoft: Windows 2003 Server, Windows Xp

Microsoft

2 products

Windows 2003 Server

Windows Xp

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Microsoft Windows 2003 Server	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions

References (9)

http://technet.microsoft.com/security/advisory/2914486

Source: secure@microsoft.com

PatchVendor Advisory

http://www.fireeye.com/blog/technical/cyber-exploits/2013/11/ms-windows-local-privilege-escalation-zero-day-in-the-wild.html

Source: secure@microsoft.com

Broken LinkNot Applicable

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-002

Source: secure@microsoft.com

PatchVendor Advisory

https://www.exploit-db.com/exploits/37732/

Source: secure@microsoft.com

ExploitThird Party AdvisoryVDB Entry

http://technet.microsoft.com/security/advisory/2914486

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.fireeye.com/blog/technical/cyber-exploits/2013/11/ms-windows-local-privilege-escalation-zero-day-in-the-wild.html

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkNot Applicable

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-002

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://www.exploit-db.com/exploits/37732/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-5065

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

Timeline

No history available yet.