Cyber Resilience

CVE-2013-5065

High · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC

Published: 28 November 2013
Modified: 22 April 2026
KEV Added: 03 March 2022
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.7298 (98.8th percentile)
Risk Priority: 79 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2013-5065 is a high-severity vulnerability, with an unspecified weakness type, in Microsoft Windows XP. Its CVSS base score is 7.8 (High).

Operationally, it is ranked in the top 1.2% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-2 (Flaw Remediation).

Deeper analysis

NDProxy.sys in the kernel of Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 contains a vulnerability that permits local privilege escalation when a crafted application is executed. The flaw is tracked as CVE-2013-5065 with a CVSS 3.1 score of 7.8 reflecting local attack vector, low complexity, and high impact on confidentiality, integrity, and availability.

Local users without administrative rights can exploit the issue by running a malicious application that triggers the flaw in NDProxy.sys, resulting in elevated privileges on affected systems. Public references confirm the vulnerability was exploited in the wild as early as November 2013.

Microsoft security advisory 2914486 and bulletin MS14-002 address the issue and provide mitigation guidance, while additional details appear in FireEye reporting and a public exploit on Exploit-DB. The vulnerability was publicly disclosed and actively used in targeted attacks during late 2013.

Vulnerability details

NDProxy.sys in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in November 2013.

CWE(s)
KEV Date Added: 03 March 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft · windows 2003 server · all versions
microsoft · windows xp · all versions

Mitigating Controls (NIST 800-53 r5) AI

prevent

Least privilege directly stops local users from obtaining kernel-level rights via the NDProxy.sys flaw.

prevent

Applying the MS14-002 patch removes the vulnerable NDProxy.sys code before exploitation can succeed.

prevent · detect

Malicious-code protections can block or alert on execution of the crafted application that triggers the kernel flaw.
