Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.2
CVSSv2

CVE-2013-5065

Published: 28/11/2013 Updated: 12/10/2018
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 735
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Windows 2003 Server

Vulnerability Summary

NDProxy.sys in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in November 2013.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft windows 2003 server

microsoft windows xp

Exploits

Exploit DB: Microsoft Windows XP SP3 (x86) / 2003 SP2 (x86) - 'NDProxy' Local Privilege Escalation (MS14-002)
/* ################################################################ # Exploit Title: Windows NDProxy Privilege Escalation (MS14-002) # Date: 2015-08-03 # Exploit Author: Tomislav Paskalev # Vulnerable Software: # Windows XP SP3 x86 # Windows XP SP2 x86-64 # Windows 2003 SP2 x86 # Windows 2003 SP2 x86-64 # Windows 2003 SP2 IA-64 # Supporte ...
Exploit DB: Microsoft Windows - 'ndproxy.sys' Local Privilege Escalation (Metasploit)
## # This module requires Metasploit: http//metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## require 'msf/core' require 'rex' class Metasploit3 < Msf::Exploit::Local Rank = AverageRanking include Msf::Post::File include Msf::Post::Windows::Priv include Msf::Post::Windows::Process def initi ...
Exploit DB: Microsoft Windows - 'NDPROXY' SYSTEM Privilege Escalation (MS14-002)
# NDPROXY Local SYSTEM privilege escalation # wwwoffensive-securitycom # Tested on Windows XP SP3 # wwwoffensive-securitycom/vulndev/ndproxy-local-system-exploit-cve-2013-5065/ # Original crash null pointer dereference # Access violation - code c0000005 (!!! second chance !!!) # 00000038 ?? ??? from ctypes impo ...
Exploit DB: Microsoft Windows NDPROXY Local SYSTEM Privilege Escalation
Microsoft Windows NDPROXY local SYSTEM privilege escalation exploit ...
Exploit DB: Microsoft Windows ndproxy.sys Local Privilege Escalation
This Metasploit module exploits a flaw in the ndproxysys driver on Windows XP SP3 and Windows 2003 SP2 systems, exploited in the wild in November, 2013 The vulnerability exists while processing an IO Control Code 0x8fff23c8 or 0x8fff23cc, where user provided input is used to access an array unsafely, and the value is used to perform a call, leadi ...
Exploit DB: MS14-002 Windows NDProxy Privilege Escalation
NDPROXY is a system-provided driver that interfaces WAN miniport drivers, call managers, and miniport call managers to the Telephony Application Programming Interfaces (TAPI) services The vulnerability is caused when the NDProxysys kernel component fails to properly validate input An attacker who successfully exploited this vulnerability could r ...

Recent Articles

IT threat evolution Q3 2014
Securelist • David Emm Maria Garnaeva Victor Chebyshev Roman Unuchek Denis Makrushin Anton Ivanov • 18 Nov 2014

PDF version In July we published our in-depth analysis into a targeted attack campaign that we dubbed ‘Crouching Yeti’. This campaign is also known as ‘Energetic Bear’. This campaign, which has been active since late 2010, has so far targeted the following sectors:  industrial/machinery, manufacturing, pharmaceutical, construction, education and information technology.  So far there have been more than 2,800 victims worldwide, and we have been able to identify 101 different organisatio...

Read more...
The Epic Turla Operation
Securelist • GReAT • 07 Aug 2014

Technical Appendix with IOCs Over the last 10 months, Kaspersky Lab researchers have analyzed a massive cyber-espionage operation which we call “Epic Turla”. The attackers behind Epic Turla have infected several hundred computers in more than 45 countries, including government institutions, embassies, military, education, research and pharmaceutical companies. The attacks are known to have used at least two zero-day exploits: We also observed exploits against older (patched) vulnerabilities,...

Read more...

References

CWE-20http://www.fireeye.com/blog/technical/cyber-exploits/2013/11/ms-windows-local-privilege-escalation-zero-day-in-the-wild.htmlhttp://technet.microsoft.com/security/advisory/2914486https://www.exploit-db.com/exploits/37732/https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-002https://nvd.nist.govhttps://www.exploit-db.com/exploits/37732/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700CVE-2022-48689CVE-2024-27956CVE-2023-6363SQLNULL pointer dereferenceCVE-2023-41830CVE-2015-2051arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook