CVE-2013-1295

Name of the Vulnerable Software and Affected Versions Microsoft Windows XP versions SP2 through SP3 Microsoft Windows Server 2003 version SP2 Microsoft Windows Vista version SP2 Microsoft Windows Server 2008 version SP2

Description The issue arises from improper handling of objects in memory by the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows. This allows local users to gain privileges via a crafted application. An elevation of privilege vulnerability exists when the Windows CSRSS improperly handles objects in memory, enabling an attacker to run arbitrary code in the context of the local system. This could allow the attacker to install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Windows XP versions SP2 through SP3, update to a version that properly handles objects in memory to prevent privilege escalation. For Microsoft Windows Server 2003 version SP2, apply the necessary patch to fix the CSRSS memory corruption issue. For Microsoft Windows Vista version SP2, ensure that the system is updated to prevent the exploitation of the CSRSS vulnerability. For Microsoft Windows Server 2008 version SP2, apply the relevant security update to address the elevation of privilege vulnerability in the CSRSS.