CVE-2013-3881

EXPLOITED

Microsoft Windows 7 - Resource Management Error

Title source: rule

Description

win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows local users to gain privileges via a crafted application, aka "Win32k NULL Page Vulnerability."

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubylocalwindows

https://www.exploit-db.com/exploits/31576

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

by Seth Gibson, Dan Zentner, Matias Soler, Spencer McIntyre · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/ms13_081_track_popup_menu.rb

View Code ZIP pw:eip

References (3)

[US Government Resource] http://www.us-cert.gov/ncas/alerts/TA13-288A

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18614

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-081

Scores

EPSS 0.1770

EPSS Percentile 95.1%

Details

VulnCheck KEV 2022-11-03

CWE

CWE-399

Status published

Products (1)

microsoft/windows_7 (2 CPE variants)

Published Oct 09, 2013

Tracked Since Feb 18, 2026