CVE-2013-3136 - OpenCVE

The kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly handle unspecified page-fault system calls, which allows local users to obtain sensitive information from kernel memory via a crafted application, aka "Kernel Information Disclosure Vulnerability."

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication Single

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

AV:L/AC:M/Au:S/C:C/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Windows 7 Windows 8 Windows Server 2003 Windows Server 2008 Windows Vista Windows Xp

Configuration 1 [-]

OR	cpe:2.3:o:microsoft:windows_7:-:sp1:x86:::::*
	cpe:2.3:o:microsoft:windows_8:-:-:x86:::::*
	cpe:2.3:o:microsoft:windows_server_2003::sp2::::::*
	cpe:2.3:o:microsoft:windows_server_2008::sp2:x86:::::
	cpe:2.3:o:microsoft:windows_vista:-:sp2::::::
	cpe:2.3:o:microsoft:windows_xp::sp3::::::*

No data.

References

Link	Providers
http://www.us-cert.gov/ncas/alerts/TA13-168A
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-048
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16847

History

No history.

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2013-06-12T01:00:00

Updated: 2024-08-06T16:00:09.902Z

Reserved: 2013-04-17T00:00:00

Link: CVE-2013-3136

Vulnrichment

No data.

NVD

Status : Modified

Published: 2013-06-12T03:30:15.043

Modified: 2019-02-26T14:04:02.417

Link: CVE-2013-3136

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-06-11T00:00:00", "descriptions": [{"lang": "en", "value": "The kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly handle unspecified page-fault system calls, which allows local users to obtain sensitive information from kernel memory via a crafted application, aka \"Kernel Information Disclosure Vulnerability.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "TA13-168A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/ncas/alerts/TA13-168A"}, {"name": "MS13-048", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-048"}, {"name": "oval:org.mitre.oval:def:16847", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16847"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2013-3136", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly handle unspecified page-fault system calls, which allows local users to obtain sensitive information from kernel memory via a crafted application, aka \"Kernel Information Disclosure Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "TA13-168A", "refsource": "CERT", "url": "http://www.us-cert.gov/ncas/alerts/TA13-168A"}, {"name": "MS13-048", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-048"}, {"name": "oval:org.mitre.oval:def:16847", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16847"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:00:09.902Z"}, "title": "CVE Program Container", "references": [{"name": "TA13-168A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/ncas/alerts/TA13-168A"}, {"name": "MS13-048", "tags": ["vendor-advisory", "x_refsource_MS", "x_transferred"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-048"}, {"name": "oval:org.mitre.oval:def:16847", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16847"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2013-3136", "datePublished": "2013-06-12T01:00:00", "dateReserved": "2013-04-17T00:00:00", "dateUpdated": "2024-08-06T16:00:09.902Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:x86:*:*:*:*:*", "matchCriteriaId": "D16A8D29-57BF-4B74-85F2-24DBD8B52BBF", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_8:-:-:x86:*:*:*:*:*", "matchCriteriaId": "9DAA2E6F-A666-4136-8F6B-E35C313CAB2B", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x86:*:*:*:*:*", "matchCriteriaId": "32C28EC2-8A34-4E30-A76A-86921D7332C1", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*", "matchCriteriaId": "BF1AD1A1-EE20-4BCE-9EE6-84B27139811C", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*", "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly handle unspecified page-fault system calls, which allows local users to obtain sensitive information from kernel memory via a crafted application, aka \"Kernel Information Disclosure Vulnerability.\""}, {"lang": "es", "value": "El kernel en Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1 y Windows 8 en plataformas de 32 bits no controla correctamente llamadas al sistema de fallos no especificadas de fallos de p\u00e1gina, permitiendo a usuarios locales obtener informaci\u00f3n confidencial de la memoria del n\u00facleo a trav\u00e9s de una aplicaci\u00f3n especialmente dise\u00f1ada, tambi\u00e9n conocido como \"vulnerabilidad de revelaci\u00f3n de informaci\u00f3n del Kernel\""}], "id": "CVE-2013-3136", "lastModified": "2019-02-26T14:04:02.417", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.4, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:S/C:C/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 2.7, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2013-06-12T03:30:15.043", "references": [{"source": "secure@microsoft.com", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.us-cert.gov/ncas/alerts/TA13-168A"}, {"source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-048"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16847"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}