CVE-2013-3899

Name of the Vulnerable Software and Affected Versions Windows XP versions SP2 through SP3 Windows Server 2003 version SP2

Description The issue is related to the Win32k.sys kernel-mode driver, which does not properly validate addresses in memory. This allows a local user to potentially gain privileges via a crafted application. An attacker who successfully exploits this issue could execute arbitrary code with elevated privileges.

Recommendations For Windows XP versions SP2 through SP3, update to a version that includes the fix for this issue. For Windows Server 2003 version SP2, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the Win32k.sys kernel-mode driver to minimize the risk of exploitation.