MS13-050: Vulnerability in Windows Print Spooler Components Could Allow Elevation of Privilege (2839894)

high Nessus Plugin ID 66866

Synopsis

The remote Windows host is potentially affected by a privilege escalation vulnerability.

Description

The remote Windows host is potentially affected by a vulnerability that could allow elevation of privilege when an authenticated attacker deletes a printer connection. An attacker who is able to successfully exploit the vulnerability could run arbitrary code on a user's system with system privileges. In order to exploit this issue, an attacker must have valid login credentials.

Solution

Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, and 2012.

See Also

https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2013/ms13-050

Plugin Details

Severity: High

ID: 66866

File Name: smb_nt_ms13-050.nasl

Version: 1.7

Type: local

Agent: windows

Published: 6/11/2013

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 6.7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Ease: No known exploits are available

Patch Publication Date: 6/11/2013

Vulnerability Publication Date: 6/11/2013

Reference Information

CVE: CVE-2013-1339

BID: 60407

IAVA: 2013-A-0120

MSFT: MS13-050

MSKB: 2839894