CVE-2013-1345

Name of the Vulnerable Software and Affected Versions Windows XP versions SP2 and SP3 Windows Server 2003 version SP2 Windows Vista version SP2 Windows Server 2008 versions SP2 and R2 SP1 Windows 7 version SP1 Windows 8 Windows Server 2012 Windows RT

Description The issue arises from the improper handling of objects in memory by the win32k.sys kernel-mode driver in Microsoft Windows. This allows local users to gain privileges via a crafted application. An attacker who successfully exploits this issue could execute arbitrary code with elevated privileges.

Recommendations For Windows XP SP2 and SP3, consider applying a patch or configuration change to properly handle objects in memory. For Windows Server 2003 SP2, restrict access to the win32k.sys driver to minimize the risk of exploitation. For Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT, update the kernel-mode driver to a version that properly handles objects in memory. At the moment, there is no information about a newer version that contains a fix for this vulnerability.