CERT-In Vulnerability Note
CIVN-2013-0216
Multiple Vulnerabilities in Microsoft Windows Kernel-Mode Drivers
Original Issue Date: December 11, 2013
Severity Rating: MEDIUM
Systems Affected
- Windows XP SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows 7 for 32-bit and x64-based Systems SP1
- Windows Server 2008 R2 for x64-based and Itanium-based Systems SP1
- Windows Server 2012 and Windows Server 2012 R2
- Windows RT and Windows RT 8.1
- Windows Vista SP2
- Windows Vista x64 Edition SP2
- Windows Server 2008 for 32-bit and x64-based Systems SP2
- Windows Server 2008 for Itanium-based Systems SP2
- Windows 8 and Windows 8.1 for 32-bit and 64-bit Systems
Overview
Multiple vulnerabilities have been reported in Microsoft Windows which could be exploited by attackers to gain elevated privileges and execute arbitrary code in kernel mode, or to cause a Denial of Service condition on a targeted system.
Description
1. Win32k Memory Corruption Vulnerability (CVE-2013-3899)
A vulnerability exists in the win32k.sys kernel-mode device driver due to improper validation of memory address values. A local attacker could exploit this vulnerability by using a specially crafted application; a memory corruption error occurs when the software processes that application.
Successful exploitation of this vulnerability could allow the local attacker to gain elevated privileges and execute arbitrary code, or compromise the system with the privileges of the targeted user.
2. Win32k Use After Free Vulnerability (CVE-2013-3902)
A use-after-free vulnerability exists in the win32k.sys kernel-mode device driver due to improper handling of objects in memory. A local attacker could exploit this vulnerability by using a specially crafted application; a use-after-free memory error condition occurs when the software processes that application.
Successful exploitation of this vulnerability could allow the local attacker to gain elevated privileges and execute arbitrary code in kernel mode, or compromise the system with the privileges of the targeted user.
3. TrueType Font Parsing Vulnerability (CVE-2013-3903)
A denial of service vulnerability exists in the win32k.sys kernel-mode device driver in Microsoft Windows due to insufficient validation of array indexes while loading TrueType font files. A remote attacker could exploit this vulnerability by embedding a specially crafted TrueType font file on a website and convincing a user to visit the malicious website, where the browser would attempt to render the font.
Successful exploitation of this vulnerability could allow the attacker to cause the targeted system to stop responding and restart, resulting in a Denial of Service condition.
4. Port-Class Driver Double Fetch Vulnerability (CVE-2013-3907)
An elevation of privilege vulnerability exists in the portcls.sys audio port-class device driver in Microsoft Windows due to improper handling of objects in memory. A local attacker could exploit this vulnerability by using a specially crafted application; a double-fetch memory flaw may occur when the software processes that application.
Successful exploitation of this vulnerability could allow the local attacker to gain elevated privileges and execute arbitrary code in kernel mode, or compromise the system with the privileges of the targeted user.
5. Win32k Integer Overflow Vulnerability (CVE-2013-5058)
An integer overflow vulnerability exists in the win32k.sys kernel-mode device driver due to improper handling of objects in memory. A local attacker could exploit this vulnerability by executing a specially crafted application, which could cause the targeted system to stop responding.
Successful exploitation of this vulnerability could allow the attacker to cause a Denial of Service condition.
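The double-fetch flaw class named in item 4, shown as an added illustration that is not code from portcls.sys, Microsoft or this note: a generic C example in which a length is validated on one read and used on a second, beside the corrected capture-once form. The request structure, the between_fetches hook and both handler names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KBUF_SIZE 16u

/* Constructed stand-in for a request that lives in caller-writable memory. */
struct request {
    volatile uint32_t len;   /* the caller can rewrite this at any time */
    uint8_t data[64];
};

/* Hypothetical test hook: stands in for a second thread that rewrites the
   request between two reads, so the timing-dependent race is deterministic. */
static void (*between_fetches)(struct request *) = NULL;
static void racer_grow_len(struct request *r) { r->len = 64; }

/* Flawed pattern: len is read once to validate and read again to use.
   Returns the length the copy would use, or -1 if rejected. The memcpy is
   clamped so this demo never writes past kbuf. */
int handle_double_fetch(struct request *r, uint8_t *kbuf) {
    if (r->len > KBUF_SIZE) return -1;              /* fetch 1: check */
    if (between_fetches) between_fetches(r);
    uint32_t used = r->len;                         /* fetch 2: use   */
    memcpy(kbuf, r->data, used < KBUF_SIZE ? used : KBUF_SIZE);
    return (int)used;        /* a value above KBUF_SIZE escaped the check */
}

/* Corrected pattern: capture the value once, then validate and use only
   the captured copy; later changes to the request have no effect. */
int handle_single_fetch(struct request *r, uint8_t *kbuf) {
    uint32_t len = r->len;                          /* single fetch */
    if (between_fetches) between_fetches(r);
    if (len > KBUF_SIZE) return -1;
    memcpy(kbuf, r->data, len);
    return (int)len;
}

int main(void) {
    struct request r = { .len = 8 };
    uint8_t kbuf[KBUF_SIZE];
    between_fetches = racer_grow_len;
    printf("double fetch used len=%d\n", handle_double_fetch(&r, kbuf));
    r.len = 8;
    printf("single fetch used len=%d\n", handle_single_fetch(&r, kbuf));
    return 0;
}
```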
Solution
Apply appropriate patches as mentioned in Microsoft Security Bulletin MS13-101.
Vendor Information
Microsoft
http://technet.microsoft.com/en-us/security/bulletin/MS13-101
References
SecurityFocus
http://www.securityfocus.com/bid/64080
http://www.securityfocus.com/bid/64084
http://www.securityfocus.com/bid/64090
http://www.securityfocus.com/bid/64087
http://www.securityfocus.com/bid/64091
Cisco
http://tools.cisco.com/security/center/viewAlert.x?alertId=31969
http://tools.cisco.com/security/center/viewAlert.x?alertId=31970
http://tools.cisco.com/security/center/viewAlert.x?alertId=31971
http://tools.cisco.com/security/center/viewAlert.x?alertId=31972
http://tools.cisco.com/security/center/viewAlert.x?alertId=31973
SecurityTracker
http://www.securitytracker.com/id/1029461
Secunia
http://secunia.com/advisories/55986
Symantec
http://www.symantec.com/connect/blogs/microsoft-patch-tuesday-december-2013
CVE Name
CVE-2013-3899
CVE-2013-3902
CVE-2013-3903
CVE-2013-3907
CVE-2013-5058
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in
Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, CGO Complex, Lodhi Road, New Delhi - 110 003
India