Microsoft warns of in-the-wild exploitation of CVE-2013-5065

    This week it became known that attackers have been using the currently unpatched vulnerability CVE-2013-5065, an elevation-of-privilege (EoP) flaw in Microsoft Windows XP and Server 2003, in targeted attacks to raise their privileges on the system. The vulnerability is not a remote code execution (RCE) flaw; it is used only to get around the user-mode restrictions on executing code in the system address space. By exploiting a bug in the NDProxy.sys driver, attackers can execute their code in kernel mode.



    The shellcode that exploits the vulnerable version of NDProxy is delivered through a malicious PDF document and is used together with CVE-2013-3346, a vulnerability in Adobe Reader and Acrobat that allows an attacker to bypass the sandbox restrictions in the reader and execute arbitrary code (Adobe Reader sandbox bypass). Adobe fixed CVE-2013-3346 in August of this year with APSB13-15, and it does not threaten users with updated versions of these programs.

    Update your OS if you are still running the extremely unsafe Windows XP, and regularly install updates for your PDF readers (Adobe Reader, Acrobat). ESET antivirus products detect the exploit as PDF/Exploit.CVE-2013-5065.A.
