VYPR
← All advisories
Unrated severityNVD Advisory· Published Jul 10, 2013· Updated Apr 29, 2026

CVE-2013-1345

CVE-2013-1345

Description

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Vulnerability."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A memory handling flaw in win32k.sys allows local privilege escalation on multiple Windows versions; patched in MS13-053.

Vulnerability

The vulnerability resides in win32k.sys, the kernel-mode driver in Microsoft Windows. It occurs when the driver does not properly handle objects in memory. Affected versions include Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT [1]. The bug is reachable by a local user running a crafted application.

Exploitation

An attacker must have local access to the system and be able to execute a specially crafted application. No additional authentication is required beyond the user's existing privileges. The application triggers the memory handling flaw in win32k.sys, leading to kernel-mode code execution [1].

Impact

Successful exploitation allows an attacker to gain elevated privileges, potentially achieving complete control over the affected system. This includes the ability to install programs, view/change/delete data, or create new accounts with full user rights [1]. The vulnerability is classified as an elevation of privilege issue.

Mitigation

Microsoft released security update MS13-053 (KB2850851) on July 9, 2013, which addresses this vulnerability [1]. Users should apply the update via Windows Update or manual installation. The US-CERT alert TA13-190A also recommends applying the updates [2]. No workarounds are documented; the only mitigation is to install the patch.

References
  1. Microsoft Security Bulletin MS13-053 - Critical
  2. Microsoft Updates for Multiple Vulnerabilities | CISA

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

15
  • Microsoft/Windows 72 versions
    cpe:2.3:o:microsoft:windows_7:*:sp1:x64:*:*:*:*:*+ 1 more
    • cpe:2.3:o:microsoft:windows_7:*:sp1:x64:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_7:*:sp1:x86:*:*:*:*:*
  • Microsoft/Windows 82 versions
    cpe:2.3:o:microsoft:windows_8:-:-:x64:*:*:*:*:*+ 1 more
    • cpe:2.3:o:microsoft:windows_8:-:-:x64:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_8:-:-:x86:*:*:*:*:*
  • Microsoft/Windows Rt
    cpe:2.3:o:microsoft:windows_rt:-:*:*:*:*:*:*:*
  • Microsoft/Windows Server 2003
    cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
  • Microsoft/Windows Server 20083 versions
    cpe:2.3:o:microsoft:windows_server_2008:*:sp2:itanium:*:*:*:*:*+ 2 more
    • cpe:2.3:o:microsoft:windows_server_2008:*:sp2:itanium:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x86:*:*:*:*:*
  • Microsoft/Windows Server 2012
    cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
  • Microsoft/Windows Vista
    cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
  • Microsoft/Windows Xp2 versions
    cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*+ 1 more
    • cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
  • Microsoft/Windowsllm-fuzzy
  • Microsoft/win32k.sysllm-fuzzy

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.