| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS13-093 | Vulnerability in Windows Ancillary Function Driver Could Allow Information Disclosure (2875783) | Windows XP | Important | 13-11-2013 |
Technical Information
Brief overview of the risk:
The vulnerability could allow information disclosure if an attacker logs on to an affected system as a local user, and runs a specially crafted application on the system that is designed to enable the attacker to obtain information from a higher-privileged account. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
Detailed Information on the risk:
An information disclosure vulnerability exists when the Windows kernel-mode driver improperly handles copying data between kernel and user memory.
Further information on this exploit is available at : MS13-093
Affected Software
Windows XP Professional x64 Edition Service Pack 2Windows Server 2003
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista
Windows Vista x64 Edition Service Pack 2
Windows Server 2008
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows 8
Windows 8 for x64-based Systems
Windows Server 2012
Windows Server 2012
Server Core installation option
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012 (Server Core installation)