CVE-2013-3862

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to the fixed version Server 2008 R2 SP1 version prior to the fixed version

Description The issue is related to a double free vulnerability in the Service Control Manager (SCM) that allows local users to gain privileges via a crafted service description. This vulnerability exists in the way the SCM handles objects in memory, potentially allowing an attacker to execute arbitrary code and take complete control of an affected system. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Windows versions prior to the fixed version, update to the fixed version to resolve the issue. For Server 2008 R2 SP1 version prior to the fixed version, update to the fixed version to resolve the issue. As a temporary workaround, consider restricting access to the Service Control Manager (SCM) to minimize the risk of exploitation.