CVE-2013-3880 - Vulnerability Details - OpenCVE

The App Container feature in the kernel-mode drivers in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to bypass intended access restrictions and obtain sensitive information from a different container via a Trojan horse application, aka "App Container Elevation of Privilege Vulnerability."

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Windows 8 Windows Rt Windows Server 2012

Configuration 1 [-]

OR	cpe:2.3:o:microsoft:windows_8:-:-:x64:::::*
	cpe:2.3:o:microsoft:windows_8:-:-:x86:::::*
	cpe:2.3:o:microsoft:windows_rt:-:::::::*
	cpe:2.3:o:microsoft:windows_server_2012:-:::::::*

No data.

References

Link	Providers
http://www.us-cert.gov/ncas/alerts/TA13-288A
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-081
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18912

History

No history.

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2013-10-09T14:44:00

Updated: 2024-08-06T16:22:01.404Z

Reserved: 2013-06-03T00:00:00

Link: CVE-2013-3880

Vulnrichment

No data.

NVD

Status : Modified

Published: 2013-10-09T14:53:24.763

Modified: 2024-11-21T01:54:28.330

Link: CVE-2013-3880

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-10-08T00:00:00", "descriptions": [{"lang": "en", "value": "The App Container feature in the kernel-mode drivers in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to bypass intended access restrictions and obtain sensitive information from a different container via a Trojan horse application, aka \"App Container Elevation of Privilege Vulnerability.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "MS13-081", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-081"}, {"name": "TA13-288A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/ncas/alerts/TA13-288A"}, {"name": "oval:org.mitre.oval:def:18912", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18912"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2013-3880", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The App Container feature in the kernel-mode drivers in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to bypass intended access restrictions and obtain sensitive information from a different container via a Trojan horse application, aka \"App Container Elevation of Privilege Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "MS13-081", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-081"}, {"name": "TA13-288A", "refsource": "CERT", "url": "http://www.us-cert.gov/ncas/alerts/TA13-288A"}, {"name": "oval:org.mitre.oval:def:18912", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18912"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:22:01.404Z"}, "title": "CVE Program Container", "references": [{"name": "MS13-081", "tags": ["vendor-advisory", "x_refsource_MS", "x_transferred"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-081"}, {"name": "TA13-288A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/ncas/alerts/TA13-288A"}, {"name": "oval:org.mitre.oval:def:18912", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18912"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2013-3880", "datePublished": "2013-10-09T14:44:00", "dateReserved": "2013-06-03T00:00:00", "dateUpdated": "2024-08-06T16:22:01.404Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_8:-:-:x64:*:*:*:*:*", "matchCriteriaId": "DE8E7D74-0DCB-4633-B502-EDC2112229BA", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_8:-:-:x86:*:*:*:*:*", "matchCriteriaId": "9DAA2E6F-A666-4136-8F6B-E35C313CAB2B", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_rt:-:*:*:*:*:*:*:*", "matchCriteriaId": "ABC7A32C-4A4A-4533-B42E-350E728ADFEB", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The App Container feature in the kernel-mode drivers in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to bypass intended access restrictions and obtain sensitive information from a different container via a Trojan horse application, aka \"App Container Elevation of Privilege Vulnerability.\""}, {"lang": "es", "value": "La funci\u00f3n App Container en los controladores en kernel-mode de Microsoft Windows 8, Windows Server 2012 y Windows RT permite a atacantes remotos evitar las restricciones de acceso previstos y obtener informaci\u00f3n sensible de un recipiente diferente a trav\u00e9s de una aplicaci\u00f3n de caballo de Troya, tambi\u00e9n conocido como \"App Container Elevation of Privilege Vulnerability.\""}], "id": "CVE-2013-3880", "lastModified": "2024-11-21T01:54:28.330", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2013-10-09T14:53:24.763", "references": [{"source": "secure@microsoft.com", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/ncas/alerts/TA13-288A"}, {"source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-081"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18912"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/ncas/alerts/TA13-288A"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-081"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18912"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}