NDProxy

NDPROXY Local SYSTEM exploit CVE-2013-5065

In the past few days there has been some online chatter about CVE-2013-5065, a new Windows XP/2k3 privilege escalation, well documented by FireEye. Googling around, we came across a Twitter message which contained a link to a Chinese vulnerability analysis and PoC for CVE-2013-5065.

NDPROXY-exploit

Due to the fact that the extended instruction pointer is set to 0×00000038 at the time of the crash, this bug can easily be exploited on Windows XP, which offers little resistance, as it allows non-privileged users to map the null page within the context of a user process. From there, it was trivial to produce a fully working exploit, which we will have posted on the Exploit-DB.

To read more about the Microsoft recommendations for dealing with this vulnerability so that you are not unduly exposed.