High severity8.4NVD Advisory· Published Jul 10, 2013· Updated Apr 29, 2026

CVE-2013-1340

Description

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Dereference Vulnerability."

Affected products

Microsoft/Windows 72 versions
cpe:2.3:o:microsoft:windows_7:*:sp1:x64:*:*:*:*:*+ 1 more
- cpe:2.3:o:microsoft:windows_7:*:sp1:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_7:*:sp1:x86:*:*:*:*:*
Microsoft/Windows 82 versions
cpe:2.3:o:microsoft:windows_8:-:-:x64:*:*:*:*:*+ 1 more
- cpe:2.3:o:microsoft:windows_8:-:-:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_8:-:-:x86:*:*:*:*:*
Microsoft/Windows Rt
cpe:2.3:o:microsoft:windows_rt:-:*:*:*:*:*:*:*
Microsoft/Windows Server 2003
cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
Microsoft/Windows Server 20083 versions
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:itanium:*:*:*:*:*+ 2 more
- cpe:2.3:o:microsoft:windows_server_2008:*:sp2:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x86:*:*:*:*:*
Microsoft/Windows Server 2012
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
Microsoft/Windows Vista
cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
Microsoft/Windows Xp2 versions
cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.546
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000