CVE-2013-3887

2013-11-1300:55:02

CWE-200

[email protected]

web.nvd.nist.gov

ancillary function driver

afd

microsoft

windows

information disclosure

vulnerability

kernel memory

nvd

cve-2013-3887

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:C/I:N/A:N

5.4 Medium

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

17.2%

JSON

The Ancillary Function Driver (AFD) in afd.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows local users to obtain sensitive information from kernel memory by leveraging improper copy operations, aka “Ancillary Function Driver Information Disclosure Vulnerability.”

Affected configurations

NVD

Node

microsoftwindows_7sp1x64

microsoftwindows_8Match--x64

microsoftwindows_server_2003sp2

microsoftwindows_server_2008sp2itanium

microsoftwindows_server_2008sp2x64

microsoftwindows_server_2012Match-

microsoftwindows_vistasp2

microsoftwindows_xpMatch-sp2x64

CPENameOperatorVersion
microsoft:windows_7microsoft windows 7eq*
microsoft:windows_8microsoft windows 8eq-
microsoft:windows_server_2003microsoft windows server 2003eq*
microsoft:windows_server_2008microsoft windows server 2008eq*
microsoft:windows_server_2012microsoft windows server 2012eq-
microsoft:windows_vistamicrosoft windows vistaeq*
microsoft:windows_xpmicrosoft windows xpeq-

CPE	Name	Operator	Version
microsoft:windows_7	microsoft windows 7	eq	*
microsoft:windows_8	microsoft windows 8	eq	-
microsoft:windows_server_2003	microsoft windows server 2003	eq	*
microsoft:windows_server_2008	microsoft windows server 2008	eq	*
microsoft:windows_server_2012	microsoft windows server 2012	eq	-
microsoft:windows_vista	microsoft windows vista	eq	*
microsoft:windows_xp	microsoft windows xp	eq	-