High severity7.8CISA KEVNVD Advisory· Published Nov 28, 2013· Updated Apr 22, 2026

CVE-2013-5065

Description

NDProxy.sys in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in November 2013.

Affected products

Microsoft/Windows 2003 Server
cpe:2.3:o:microsoft:windows_2003_server:-:sp2:*:*:*:*:*:*
Microsoft/Windows Xp2 versions
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:*:*+ 1 more
- cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:*:*
- cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

technet.microsoft.com/security/advisory/2914486nvdPatchVendor Advisory
docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-002nvdPatchVendor Advisory
www.exploit-db.com/exploits/37732/nvdExploitThird Party AdvisoryVDB Entry
www.fireeye.com/blog/technical/cyber-exploits/2013/11/ms-windows-local-privilege-escalation-zero-day-in-the-wild.htmlnvdBroken LinkNot Applicable
www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.059
exploit	0.030
kev	0.120
patch	0.000
ransomware	0.000