CVE-2013-0008
Title: Microsoft Windows Server 2008 Auth Bypass
Auth Bypass
Proof Of Concept
PoC Available for CVE-2013-0008
CWE Category
CWE-264
Published Date
Jan 09, 2013
Modified Date
Jun 16, 2026
Exploit Status
Available
Score
7.2
CVSS v2.0
Exploit Probability (EPSS)
17.09%
Vulnerability Summary
CVE-2013-0008: win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle window broadcast messages, which allows local users to gain privileges via a crafted application, aka "Win32k Improper Message Handling Vulnerability."
Impacted Vendors
Reference Links
http://www.exploit-db.com/exploits/24485
http://www.securityfocus.com/bid/57135
http://www.us-cert.gov/cas/techalerts/TA13-008A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-005
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16326
http://www.exploit-db.com/exploits/24485
http://www.securityfocus.com/bid/57135
http://www.us-cert.gov/cas/techalerts/TA13-008A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-005
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16326
CVSS v2.0
Source Entity
[email protected]
Severity
HIGH
7.2
Access Vector
N/A
Authentication
N/A
RAW VECTOR
AV:L/AC:L/Au:N/C:C/I:C/A:C
Associated Attack Patterns (CAPEC)
Total: PatternsNo specific attack patterns mapped.
Likelihood
Severity
Page /
CVE-2013-0008 Exploits & PoCs (Proof Of Concept)
MODIFIED
Vulnerability data updated via NVD.
MODIFIED
Vulnerability data updated via NVD.
MODIFIED
Vulnerability data or affected products updated.
PUBLISHED
Vulnerability first announced in NVD.
Attack Vector Matrix
Access Vector
N/A
Complexity
N/A
Privileges
N/A
Interaction
NONE
CVSS Vector String
AV:L/AC:L/Au:N/C:C/I:C/A:C
Affected Stack
No specific products linked.