CVE-2013-3198

Microsoft Windows - Memory Corruption

Title source: llm
STIX 2.1

Description

The NT Virtual DOS Machine (NTVDM) subsystem in the kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly validate kernel-memory addresses, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka "Windows Kernel Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3196 and CVE-2013-3197.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18421
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/ncas/alerts/TA13-225A

Scores

EPSS 0.0208
EPSS Percentile 79.3%

Details

CWE
CWE-119
Status published
Products (6)
microsoft/windows_7
microsoft/windows_8
microsoft/windows_server_2003
microsoft/windows_server_2008
microsoft/windows_vista
microsoft/windows_xp
Published Aug 14, 2013
Tracked Since Feb 18, 2026